Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

Analysis

  • max time kernel
    503s
  • max time network
    556s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-08-2024 16:05

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1ycPVXB8LX19SOkPPnUO6OX3YzrxzRENc/view?usp=sharing

Score
10/10
wannacrydefense_evasiondiscoveryexecutionimpactpersistenceprivilege_escalationransomwarespywarestealerupxworm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 23 IoCs
  • Loads dropped DLL 32 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Blocklisted process makes network request 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
    defense_evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
  • Drops file in System32 directory 18 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 51 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 3 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • NTFS ADS 10 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 50 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsass.exe
    1⤵
      PID:668
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch -p
      1⤵
        PID:788
        • C:\Windows\system32\wbem\unsecapp.exe
          C:\Windows\system32\wbem\unsecapp.exe -Embedding
          2⤵
            PID:3056
          • C:\Windows\system32\DllHost.exe
            C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
            2⤵
              PID:3808
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              2⤵
                PID:3896
              • C:\Windows\System32\RuntimeBroker.exe
                C:\Windows\System32\RuntimeBroker.exe -Embedding
                2⤵
                  PID:3964
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  2⤵
                    PID:4048
                  • C:\Windows\System32\RuntimeBroker.exe
                    C:\Windows\System32\RuntimeBroker.exe -Embedding
                    2⤵
                      PID:3604
                    • C:\Windows\system32\SppExtComObj.exe
                      C:\Windows\system32\SppExtComObj.exe -Embedding
                      2⤵
                        PID:3720
                      • C:\Windows\system32\DllHost.exe
                        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                        2⤵
                          PID:1744
                        • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                          "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                          2⤵
                            PID:1828
                          • C:\Windows\System32\RuntimeBroker.exe
                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                            2⤵
                              PID:1804
                            • C:\Windows\System32\RuntimeBroker.exe
                              C:\Windows\System32\RuntimeBroker.exe -Embedding
                              2⤵
                                PID:2456
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                2⤵
                                  PID:4384
                                • C:\Windows\system32\DllHost.exe
                                  C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
                                  2⤵
                                    PID:5392
                                  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
                                    2⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:5496
                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
                                    2⤵
                                    • Modifies Internet Explorer settings
                                    • Suspicious use of SetWindowsHookEx
                                    PID:6052
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6052 CREDAT:17410 /prefetch:2
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:5304
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6052 CREDAT:17416 /prefetch:2
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:6932
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6052 CREDAT:17422 /prefetch:2
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2008
                                  • C:\Windows\system32\DllHost.exe
                                    C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                    2⤵
                                      PID:5740
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      2⤵
                                        PID:6548
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        2⤵
                                          PID:6676
                                        • C:\Windows\System32\rundll32.exe
                                          C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                          2⤵
                                            PID:7796
                                          • C:\Windows\System32\rundll32.exe
                                            C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                            2⤵
                                              PID:1836
                                            • C:\Windows\System32\rundll32.exe
                                              C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                              2⤵
                                                PID:7724
                                              • C:\Windows\System32\rundll32.exe
                                                C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                2⤵
                                                  PID:7720
                                                • C:\Windows\System32\rundll32.exe
                                                  C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                  2⤵
                                                    PID:7712
                                                  • C:\Windows\System32\rundll32.exe
                                                    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                    2⤵
                                                      PID:6552
                                                    • C:\Windows\System32\rundll32.exe
                                                      C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                      2⤵
                                                        PID:6696
                                                      • C:\Windows\System32\rundll32.exe
                                                        C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                        2⤵
                                                          PID:7748
                                                      • C:\Windows\system32\fontdrvhost.exe
                                                        "fontdrvhost.exe"
                                                        1⤵
                                                          PID:796
                                                        • C:\Windows\system32\fontdrvhost.exe
                                                          "fontdrvhost.exe"
                                                          1⤵
                                                            PID:800
                                                          • C:\Windows\system32\svchost.exe
                                                            C:\Windows\system32\svchost.exe -k RPCSS -p
                                                            1⤵
                                                              PID:908
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                                              1⤵
                                                                PID:968
                                                              • C:\Windows\system32\dwm.exe
                                                                "dwm.exe"
                                                                1⤵
                                                                  PID:384
                                                                • C:\Windows\System32\svchost.exe
                                                                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
                                                                  1⤵
                                                                    PID:904
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
                                                                    1⤵
                                                                      PID:1004
                                                                    • C:\Windows\System32\svchost.exe
                                                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                      1⤵
                                                                        PID:1084
                                                                      • C:\Windows\system32\svchost.exe
                                                                        C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                                                                        1⤵
                                                                          PID:1092
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                                                                          1⤵
                                                                            PID:1128
                                                                            • C:\Windows\system32\taskhostw.exe
                                                                              taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
                                                                              2⤵
                                                                                PID:3028
                                                                            • C:\Windows\System32\svchost.exe
                                                                              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                                                              1⤵
                                                                                PID:1212
                                                                              • C:\Windows\system32\svchost.exe
                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                                                                                1⤵
                                                                                  PID:1256
                                                                                • C:\Windows\system32\svchost.exe
                                                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                                                                                  1⤵
                                                                                    PID:1304
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                                                                                    1⤵
                                                                                      PID:1336
                                                                                    • C:\Windows\system32\svchost.exe
                                                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                                                                                      1⤵
                                                                                        PID:1424
                                                                                        • C:\Windows\system32\sihost.exe
                                                                                          sihost.exe
                                                                                          2⤵
                                                                                            PID:2772
                                                                                        • C:\Windows\system32\svchost.exe
                                                                                          C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                                                                          1⤵
                                                                                            PID:1516
                                                                                          • C:\Windows\system32\svchost.exe
                                                                                            C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                                                                            1⤵
                                                                                              PID:1536
                                                                                            • C:\Windows\System32\svchost.exe
                                                                                              C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                                                                              1⤵
                                                                                                PID:1556
                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                                                                                1⤵
                                                                                                  PID:1636
                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                  C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
                                                                                                  1⤵
                                                                                                    PID:1680
                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                    C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
                                                                                                    1⤵
                                                                                                      PID:1736
                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                                                                                      1⤵
                                                                                                        PID:1756
                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                                                        1⤵
                                                                                                          PID:1812
                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                          C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
                                                                                                          1⤵
                                                                                                            PID:1868
                                                                                                          • C:\Windows\System32\svchost.exe
                                                                                                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                                                            1⤵
                                                                                                              PID:1880
                                                                                                            • C:\Windows\System32\svchost.exe
                                                                                                              C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                                                                              1⤵
                                                                                                                PID:1960
                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                                                                                1⤵
                                                                                                                  PID:2000
                                                                                                                • C:\Windows\System32\spoolsv.exe
                                                                                                                  C:\Windows\System32\spoolsv.exe
                                                                                                                  1⤵
                                                                                                                    PID:1668
                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                    C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
                                                                                                                    1⤵
                                                                                                                      PID:1772
                                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                                      C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                                                                                      1⤵
                                                                                                                        PID:2096
                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                                                                                        1⤵
                                                                                                                          PID:2160
                                                                                                                        • C:\Windows\System32\svchost.exe
                                                                                                                          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                                                                                          1⤵
                                                                                                                            PID:2316
                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                                                                            1⤵
                                                                                                                              PID:2396
                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                                                                              1⤵
                                                                                                                                PID:2400
                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
                                                                                                                                1⤵
                                                                                                                                  PID:2636
                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                                                                                  1⤵
                                                                                                                                    PID:2696
                                                                                                                                  • C:\Windows\sysmon.exe
                                                                                                                                    C:\Windows\sysmon.exe
                                                                                                                                    1⤵
                                                                                                                                      PID:2708
                                                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                                                                                      1⤵
                                                                                                                                        PID:2724
                                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                                                                                        1⤵
                                                                                                                                          PID:2736
                                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                                          C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                                                                                          1⤵
                                                                                                                                            PID:2840
                                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
                                                                                                                                            1⤵
                                                                                                                                              PID:772
                                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                                              C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                                                                              1⤵
                                                                                                                                                PID:3412
                                                                                                                                              • C:\Windows\Explorer.EXE
                                                                                                                                                C:\Windows\Explorer.EXE
                                                                                                                                                1⤵
                                                                                                                                                  PID:3516
                                                                                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1ycPVXB8LX19SOkPPnUO6OX3YzrxzRENc/view?usp=sharing"
                                                                                                                                                    2⤵
                                                                                                                                                    • Suspicious use of WriteProcessMemory
                                                                                                                                                    PID:3480
                                                                                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1ycPVXB8LX19SOkPPnUO6OX3YzrxzRENc/view?usp=sharing
                                                                                                                                                      3⤵
                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                      • Modifies registry class
                                                                                                                                                      • NTFS ADS
                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                                                                                      • Suspicious use of SendNotifyMessage
                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                      • Suspicious use of WriteProcessMemory
                                                                                                                                                      PID:4908
                                                                                                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9731122-8c20-49d7-bb3c-a047bde2d88a} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" gpu
                                                                                                                                                        4⤵
                                                                                                                                                          PID:4216
                                                                                                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39e7a940-d4cf-4de5-8c7e-5c61a8c8f933} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" socket
                                                                                                                                                          4⤵
                                                                                                                                                            PID:2308
                                                                                                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3156 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87cb8915-2005-477e-b628-845407b300cd} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
                                                                                                                                                            4⤵
                                                                                                                                                              PID:3188
                                                                                                                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3684 -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ff2226f-9fd6-4127-8a23-d8a20a6203da} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
                                                                                                                                                              4⤵
                                                                                                                                                                PID:2616
                                                                                                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4624 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4644 -prefMapHandle 4640 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {088802e4-65d5-4bb4-b3e6-e1c2deb1d56c} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" utility
                                                                                                                                                                4⤵
                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                PID:3488
                                                                                                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5076 -childID 3 -isForBrowser -prefsHandle 5040 -prefMapHandle 5060 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc83acf1-d66d-4d26-8212-bc626649c4c4} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:4568
                                                                                                                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5212 -childID 4 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feddeca7-7b92-42fa-8315-97b17b029ab6} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:2152
                                                                                                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 5 -isForBrowser -prefsHandle 5488 -prefMapHandle 5416 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0482960a-b9b9-4f0e-836f-a139dc47e70d} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:2216
                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6052 -childID 6 -isForBrowser -prefsHandle 6152 -prefMapHandle 6172 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e766bd03-9b22-4210-8ab1-db6fab2b1c4a} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:4948
                                                                                                                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2712 -childID 7 -isForBrowser -prefsHandle 3040 -prefMapHandle 1180 -prefsLen 30493 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac3bcd67-30d3-4a60-bba3-5bb6681c0b1f} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
                                                                                                                                                                        4⤵
                                                                                                                                                                          PID:5328
                                                                                                                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3612 -parentBuildID 20240401114208 -prefsHandle 5160 -prefMapHandle 5176 -prefsLen 30572 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9623a3ac-41ac-4eb0-a22d-66c31d6eb550} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" rdd
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:5728
                                                                                                                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3168 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 5100 -prefMapHandle 5148 -prefsLen 30572 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b63c7965-0438-4dde-9c81-3e493da452a8} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" utility
                                                                                                                                                                            4⤵
                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                            PID:2988
                                                                                                                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6876 -childID 8 -isForBrowser -prefsHandle 6800 -prefMapHandle 6756 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c6a2d35-ab2b-47a9-913a-8c9de9df7af7} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:5084
                                                                                                                                                                        • C:\Users\Admin\Downloads\=D\D.exe
                                                                                                                                                                          "C:\Users\Admin\Downloads\=D\D.exe"
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                          PID:412
                                                                                                                                                                        • C:\Users\Admin\Downloads\XFC\[email protected]
                                                                                                                                                                          "C:\Users\Admin\Downloads\XFC\[email protected]"
                                                                                                                                                                          2⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:5312
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\is-SU69V.tmp\is-5VN37.tmp
                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\is-SU69V.tmp\is-5VN37.tmp" /SL4 $204EC "C:\Users\Admin\Downloads\XFC\[email protected]" 232353 52224
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:5208
                                                                                                                                                                            • C:\Program Files (x86)\FileFix Professional 2009\wizard.exe
                                                                                                                                                                              "C:\Program Files (x86)\FileFix Professional 2009\wizard.exe"
                                                                                                                                                                              4⤵
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                              • Enumerates connected drives
                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                              • Drops file in Program Files directory
                                                                                                                                                                              • Drops file in Windows directory
                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                                                                                              PID:5896
                                                                                                                                                                        • C:\Users\Admin\Downloads\XFC\[email protected]
                                                                                                                                                                          "C:\Users\Admin\Downloads\XFC\[email protected]"
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                          PID:1140
                                                                                                                                                                        • C:\Users\Admin\Downloads\XFC\[email protected]
                                                                                                                                                                          "C:\Users\Admin\Downloads\XFC\[email protected]"
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:5996
                                                                                                                                                                        • C:\Users\Admin\Downloads\XFC\[email protected]
                                                                                                                                                                          "C:\Users\Admin\Downloads\XFC\[email protected]"
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:5868
                                                                                                                                                                        • C:\Users\Admin\Downloads\XP Antivirus 2008\[email protected]
                                                                                                                                                                          "C:\Users\Admin\Downloads\XP Antivirus 2008\[email protected]"
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:2588
                                                                                                                                                                          • C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                            wscript //B C:\Users\Admin\AppData\Local\Temp\pin.vbs "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008" "Antivirus XP 2008.lnk"
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                            PID:1400
                                                                                                                                                                          • C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                            wscript //B C:\Users\Admin\AppData\Local\Temp\pin.vbs "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008" "Register Antivirus XP 2008.lnk"
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                            PID:5516
                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            "C:\Windows\system32\cmd.exe" /c egbh.bat "C:\Users\Admin\Downloads\XP Antivirus 2008\[email protected]"
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:3188
                                                                                                                                                                          • C:\Program Files (x86)\rhc3stj0e147\rhc3stj0e147.exe
                                                                                                                                                                            "C:\Program Files (x86)\rhc3stj0e147\rhc3stj0e147.exe"
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                            PID:5176
                                                                                                                                                                            • C:\Windows\SysWOW64\pphc7stj0e147.exe
                                                                                                                                                                              "C:\Windows\system32\pphc7stj0e147.exe"
                                                                                                                                                                              4⤵
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              PID:6044
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\[email protected]
                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\[email protected]"
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Drops startup file
                                                                                                                                                                          • Sets desktop wallpaper using registry
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:3544
                                                                                                                                                                          • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                                                            attrib +h .
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Views/modifies file attributes
                                                                                                                                                                            PID:5856
                                                                                                                                                                          • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                            icacls . /grant Everyone:F /T /C /Q
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Modifies file permissions
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:3372
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskdl.exe
                                                                                                                                                                            taskdl.exe
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:5740
                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            C:\Windows\system32\cmd.exe /c 261951723652558.bat
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:6000
                                                                                                                                                                            • C:\Windows\SysWOW64\cscript.exe
                                                                                                                                                                              cscript.exe //nologo m.vbs
                                                                                                                                                                              4⤵
                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                              PID:5756
                                                                                                                                                                          • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                                                            attrib +h +s F:\$RECYCLE
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Views/modifies file attributes
                                                                                                                                                                            PID:4368
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                            @[email protected] co
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                            PID:4980
                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\TaskData\Tor\taskhsvc.exe
                                                                                                                                                                              TaskData\Tor\taskhsvc.exe
                                                                                                                                                                              4⤵
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                              PID:5516
                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            cmd.exe /c start /b @[email protected] vs
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:5856
                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                              @[email protected] vs
                                                                                                                                                                              4⤵
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                              PID:4420
                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                                                                                                                                5⤵
                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                PID:2760
                                                                                                                                                                                • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                                                                                                  wmic shadowcopy delete
                                                                                                                                                                                  6⤵
                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                  PID:4972
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskdl.exe
                                                                                                                                                                            taskdl.exe
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:3992
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskse.exe
                                                                                                                                                                            taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:4716
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                            @[email protected]
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • Sets desktop wallpaper using registry
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                            PID:2068
                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:5984
                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x40,0x124,0x7ffe4e1e46f8,0x7ffe4e1e4708,0x7ffe4e1e4718
                                                                                                                                                                                  5⤵
                                                                                                                                                                                    PID:4336
                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,15108247692219336990,11091018223489662314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
                                                                                                                                                                                    5⤵
                                                                                                                                                                                      PID:3372
                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,15108247692219336990,11091018223489662314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
                                                                                                                                                                                      5⤵
                                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                      PID:1600
                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin
                                                                                                                                                                                    4⤵
                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                    • Suspicious use of SendNotifyMessage
                                                                                                                                                                                    PID:3380
                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0xfc,0x108,0x124,0x12c,0x7ffe4e1e46f8,0x7ffe4e1e4708,0x7ffe4e1e4718
                                                                                                                                                                                      5⤵
                                                                                                                                                                                        PID:5400
                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
                                                                                                                                                                                        5⤵
                                                                                                                                                                                          PID:948
                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3
                                                                                                                                                                                          5⤵
                                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                          PID:4356
                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
                                                                                                                                                                                          5⤵
                                                                                                                                                                                            PID:6268
                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                                                                                                                                                                                            5⤵
                                                                                                                                                                                              PID:6744
                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
                                                                                                                                                                                              5⤵
                                                                                                                                                                                                PID:6752
                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
                                                                                                                                                                                                5⤵
                                                                                                                                                                                                  PID:7028
                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                    PID:7160
                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                      PID:5664
                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                        PID:7040
                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3776 /prefetch:8
                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                          PID:5288
                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3776 /prefetch:8
                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                          PID:5532
                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                            PID:6540
                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                              PID:6820
                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                PID:6296
                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                  PID:4860
                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1520,12487626532133027005,10822712785412245731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2
                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                    PID:6456
                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://en.wikipedia.org/wiki/Bitcoin
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                    PID:4152
                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf0,0x124,0x7ffe4e1e46f8,0x7ffe4e1e4708,0x7ffe4e1e4718
                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                        PID:5332
                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10235531536735374737,9504437076346155919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                          PID:5680
                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10235531536735374737,9504437076346155919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                          PID:408
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                      cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qyedrxmniilpouj597" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\tasksche.exe\"" /f
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      PID:4492
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qyedrxmniilpouj597" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\tasksche.exe\"" /f
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                        • Modifies registry key
                                                                                                                                                                                                                        PID:5532
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskdl.exe
                                                                                                                                                                                                                      taskdl.exe
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      PID:6984
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskse.exe
                                                                                                                                                                                                                      taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      PID:6464
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                      @[email protected]
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                      PID:6208
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskdl.exe
                                                                                                                                                                                                                      taskdl.exe
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      PID:5548
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskse.exe
                                                                                                                                                                                                                      taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      PID:1968
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                      @[email protected]
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                      PID:1928
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskse.exe
                                                                                                                                                                                                                      taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      PID:532
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                      @[email protected]
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                      PID:6388
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskdl.exe
                                                                                                                                                                                                                      taskdl.exe
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      PID:6760
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskse.exe
                                                                                                                                                                                                                      taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      PID:6660
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                      @[email protected]
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                      PID:4076
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskdl.exe
                                                                                                                                                                                                                      taskdl.exe
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                      PID:6100
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskse.exe
                                                                                                                                                                                                                      taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                        PID:7000
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskdl.exe
                                                                                                                                                                                                                        taskdl.exe
                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                          PID:2536
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod.zip\[email protected]
                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod.zip\[email protected]"
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                                        • Enumerates connected drives
                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                        PID:5188
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                          "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod.zip\[email protected] SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod.zip\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                          • Enumerates connected drives
                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                          PID:5240
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Temp1_Xyeta.zip\[email protected]
                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\Temp1_Xyeta.zip\[email protected]"
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                        PID:5612
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 448
                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                          • Program crash
                                                                                                                                                                                                                          PID:1144
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Temp1_7ev3n.zip\[email protected]
                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\Temp1_7ev3n.zip\[email protected]"
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                        PID:6672
                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\system.exe
                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\system.exe"
                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                            PID:4640
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:6364
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\SCHTASKS.exe
                                                                                                                                                                                                                                C:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                PID:2536
                                                                                                                                                                                                                              • C:\windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                  PID:6608
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                      PID:7244
                                                                                                                                                                                                                                  • C:\windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                      PID:624
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                          PID:6920
                                                                                                                                                                                                                                      • C:\windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                        C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                          PID:7036
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                            REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                              PID:7216
                                                                                                                                                                                                                                          • C:\windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                            C:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                              PID:4548
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                  PID:7232
                                                                                                                                                                                                                                              • C:\windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                  PID:1572
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                      PID:7224
                                                                                                                                                                                                                                                  • C:\windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                      PID:6924
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                          PID:7264
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                          PID:7480
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                            REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                              PID:7564
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c shutdown -r -t 10 -f
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                              PID:7588
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\shutdown.exe
                                                                                                                                                                                                                                                                shutdown -r -t 10 -f
                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                  PID:7640
                                                                                                                                                                                                                                                          • C:\Windows\system32\mspaint.exe
                                                                                                                                                                                                                                                            "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                            PID:6712
                                                                                                                                                                                                                                                          • C:\Windows\system32\mspaint.exe
                                                                                                                                                                                                                                                            "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                            PID:1160
                                                                                                                                                                                                                                                          • C:\Windows\system32\mspaint.exe
                                                                                                                                                                                                                                                            "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                            PID:872
                                                                                                                                                                                                                                                          • C:\Windows\system32\mspaint.exe
                                                                                                                                                                                                                                                            "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                            PID:6684
                                                                                                                                                                                                                                                          • C:\Windows\system32\mspaint.exe
                                                                                                                                                                                                                                                            "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                            PID:6856
                                                                                                                                                                                                                                                          • C:\Windows\system32\mspaint.exe
                                                                                                                                                                                                                                                            "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                              PID:6452
                                                                                                                                                                                                                                                            • C:\Windows\system32\mspaint.exe
                                                                                                                                                                                                                                                              "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                PID:5872
                                                                                                                                                                                                                                                              • C:\Windows\system32\mspaint.exe
                                                                                                                                                                                                                                                                "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                  PID:4428
                                                                                                                                                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                  PID:3628
                                                                                                                                                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                    PID:3948
                                                                                                                                                                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                      PID:836
                                                                                                                                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                        PID:5108
                                                                                                                                                                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                        C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                          PID:2436
                                                                                                                                                                                                                                                                        • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                                                                                                                                                                                          "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                            PID:1512
                                                                                                                                                                                                                                                                          • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                            C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                              PID:1552
                                                                                                                                                                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                              C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                PID:1468
                                                                                                                                                                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                  PID:4892
                                                                                                                                                                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                    PID:4612
                                                                                                                                                                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                      PID:4100
                                                                                                                                                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                                      C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                        PID:6092
                                                                                                                                                                                                                                                                                      • C:\Windows\system32\msiexec.exe
                                                                                                                                                                                                                                                                                        C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                        • Enumerates connected drives
                                                                                                                                                                                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                                                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                        PID:3008
                                                                                                                                                                                                                                                                                        • C:\Windows\syswow64\MsiExec.exe
                                                                                                                                                                                                                                                                                          C:\Windows\syswow64\MsiExec.exe -Embedding 08CB90BDE8834BB3A2514E5313AC362A
                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                                                                                                                                                          • Blocklisted process makes network request
                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                          PID:5032
                                                                                                                                                                                                                                                                                        • C:\Windows\syswow64\MsiExec.exe
                                                                                                                                                                                                                                                                                          C:\Windows\syswow64\MsiExec.exe -Embedding 11955E3768008C571FC30E1765A5B737 E Global\MSI0000
                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                          PID:1460
                                                                                                                                                                                                                                                                                      • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                                                        C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                          PID:6136
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5612 -ip 5612
                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                            PID:6364
                                                                                                                                                                                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                              PID:5924
                                                                                                                                                                                                                                                                                            • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                                                                                                                                              "LogonUI.exe" /flags:0x4 /state0:0xa38b3855 /state1:0x41c64e6d
                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                PID:7844

                                                                                                                                                                                                                                                                                              Network

                                                                                                                                                                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                              Reconnaissance

                                                                                                                                                                                                                                                                                              Resource Development

                                                                                                                                                                                                                                                                                              Initial Access

                                                                                                                                                                                                                                                                                              Execution

                                                                                                                                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1053

                                                                                                                                                                                                                                                                                              Scheduled Task

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1053.005

                                                                                                                                                                                                                                                                                              Windows Management Instrumentation

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1047

                                                                                                                                                                                                                                                                                              Persistence

                                                                                                                                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                              T1547

                                                                                                                                                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1547.001

                                                                                                                                                                                                                                                                                              Winlogon Helper DLL

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1547.004

                                                                                                                                                                                                                                                                                              Event Triggered Execution

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1546

                                                                                                                                                                                                                                                                                              AppInit DLLs

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1546.010

                                                                                                                                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1053

                                                                                                                                                                                                                                                                                              Scheduled Task

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1053.005

                                                                                                                                                                                                                                                                                              Privilege Escalation

                                                                                                                                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                              T1547

                                                                                                                                                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1547.001

                                                                                                                                                                                                                                                                                              Winlogon Helper DLL

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1547.004

                                                                                                                                                                                                                                                                                              Event Triggered Execution

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1546

                                                                                                                                                                                                                                                                                              AppInit DLLs

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1546.010

                                                                                                                                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1053

                                                                                                                                                                                                                                                                                              Scheduled Task

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1053.005

                                                                                                                                                                                                                                                                                              Defense Evasion

                                                                                                                                                                                                                                                                                              File and Directory Permissions Modification

                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                              T1222

                                                                                                                                                                                                                                                                                              Windows File and Directory Permissions Modification

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1222.001

                                                                                                                                                                                                                                                                                              Hide Artifacts

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1564

                                                                                                                                                                                                                                                                                              Hidden Files and Directories

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1564.001

                                                                                                                                                                                                                                                                                              Indicator Removal

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1070

                                                                                                                                                                                                                                                                                              File Deletion

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1070.004

                                                                                                                                                                                                                                                                                              Modify Registry

                                                                                                                                                                                                                                                                                              5
                                                                                                                                                                                                                                                                                              T1112

                                                                                                                                                                                                                                                                                              Credential Access

                                                                                                                                                                                                                                                                                              Unsecured Credentials

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1552

                                                                                                                                                                                                                                                                                              Credentials In Files

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1552.001

                                                                                                                                                                                                                                                                                              Discovery

                                                                                                                                                                                                                                                                                              Browser Information Discovery

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1217

                                                                                                                                                                                                                                                                                              Peripheral Device Discovery

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1120

                                                                                                                                                                                                                                                                                              Query Registry

                                                                                                                                                                                                                                                                                              6
                                                                                                                                                                                                                                                                                              T1012

                                                                                                                                                                                                                                                                                              System Information Discovery

                                                                                                                                                                                                                                                                                              5
                                                                                                                                                                                                                                                                                              T1082

                                                                                                                                                                                                                                                                                              System Location Discovery

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1614

                                                                                                                                                                                                                                                                                              System Language Discovery

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1614.001

                                                                                                                                                                                                                                                                                              Lateral Movement

                                                                                                                                                                                                                                                                                              Collection

                                                                                                                                                                                                                                                                                              Data from Local System

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1005

                                                                                                                                                                                                                                                                                              Command and Control

                                                                                                                                                                                                                                                                                              Web Service

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1102

                                                                                                                                                                                                                                                                                              Exfiltration

                                                                                                                                                                                                                                                                                              Impact

                                                                                                                                                                                                                                                                                              Defacement

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1491

                                                                                                                                                                                                                                                                                              Inhibit System Recovery

                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                              T1490

                                                                                                                                                                                                                                                                                              Replay Monitor

                                                                                                                                                                                                                                                                                              Loading Replay Monitor...

                                                                                                                                                                                                                                                                                              Downloads

                                                                                                                                                                                                                                                                                              • C:\Config.Msi\e5ce3b4.rbs
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                100KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                20ef23a3fdf5b65ce2c659d724d4a274

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                8058e388c0f79152d6775c20dc8cef20fee937f2

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                f9e064ef3b56460fcf2b8927bc581da3a2729f4ff3c1a7c5528fc1767b92d892

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                b43c44b43098b58960fbf69fcd88c2510e0b264e6e59e39a43353628f7a20d65f6159f851521ca79956ef5cf4362997a7f71a23a88e952de9ad9b1f062f7fd31

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\FileFix Professional 2009\wizard.exe
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                612KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                e1827fbbf959d7c5f3219a1f0b0c35fc

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                677d7c6179729fdb4a25afdd5579533f1606c810

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                c28ac5f267bec7650ce271c12b23f087f9c3927a46b48682e363581fa29e2a5d

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                a65dc0550f9d1501add93390501027d83002c2df0df22bbf5d88dce9c98b6ebb4a2c297010e44cfebfaa8b7ba0f77ed12c2d13fb9b213e15c4b53dfd56ead0c3

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\rhc3stj0e147\MFC71.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1.0MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                f35a584e947a5b401feb0fe01db4a0d7

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                664dc99e78261a43d876311931694b6ef87cc8b9

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                4da5efdc46d126b45daeee8bc69c0ba2aa243589046b7dfd12a7e21b9bee6a32

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                b1ced222c3b7e63e22d093c8aa3467f5ea20312fe76a112baed7c63d238bbe8dee94dfe8f42474f7b1de7aa7acb8ba8e2b36fdd0a3cda83ee85ac9a34f859fa4

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\rhc3stj0e147\MFC71ENU.DLL
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                56KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                baf751e7061ff626aa60f56d1d5d1fdc

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                b0382c3ac0c0dad7d793c9a3335316b5fcae2690

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                177b0bac987e7882449bd7c5900406f61a997f97ea1797614c8d86f40f03648b

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                f7333b481f1498b5eab2688856a5b86fec96b6bf7b781564dfcc018882ded4d7ee5a1fc0c2498607195a66d42a74034f9649a8b61fa548d3d6029f25c5a9648d

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\rhc3stj0e147\database.dat
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c19b001e6fe6c082e5069e4490898ccc

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                67a845bc07a68f04736b81ba45ff9d8186ae5314

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                cce53b914eb6cfeecf42d38933b4ed9cae27e06bb97c9ade3f79342c74505d09

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                c284caa36c69d350af80b05d6a2a8680a329ff64dd3e1a4e4ac385709f34f534a4035213980cf218a2c4027b038dbec344adb9eec9475868c7176fe67f15177f

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\rhc3stj0e147\msvcp71.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                488KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                561fa2abb31dfa8fab762145f81667c2

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                c8ccb04eedac821a13fae314a2435192860c72b8

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                7d960aa8e3cce22d63a6723d7f00c195de7de83b877eca126e339e2d8cc9859e813e05c5c0a5671a75bb717243e9295fd13e5e17d8c6660eb59f5baee63a7c43

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\rhc3stj0e147\msvcr71.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                340KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                86f1895ae8c5e8b17d99ece768a70732

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                d5502a1d00787d68f548ddeebbde1eca5e2b38ca

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\rhc3stj0e147\rhc3stj0e147.exe
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                9.0MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                04b88c7067b53a9bdf844cd1cb4b9c30

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                7d081a1053cd9ef3d593f5ef9a27303824b779f5

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                d42b135a1e70b6f7d0d98c340f4b529f722953cf57e573bb21a078f50f2016b9

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                566f36f804d3027daab0e01f6d816b0420ba21fc276f2fabda4d0ed37b0e830704dcba8ccc3d30a7023c69f8ad3da0b9b58a49a26b3bb239d8ae0762bc157a42

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                53efe3fb9baf7bc99cff737869e49005

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                68d6cbb1e6584b05f70fd56e4d46a0050c96c2fc

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                fefc010c7c4bf8bc06ff9f0e2709c044f520e7977f9708f21087e4c09a008fbf

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                d06de088754f1d03611f16a6f4b0f2adfcfe82abf244d4a76a5554c4a10f978572b7b545c50b51b5f0c9f9956b150398eeec3795374838be688ff42b451240d4

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                845254fd527dd5a59643e8df98a7f507

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                48e2ae48ce0d4f612949c333e6124caeefdd14de

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                6df2d2a78a972c78efba7ac03dbd6adbc3961cb6d5141fa44a924570eaf8583e

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                faa7d6f839f5a46abdb36288f07efa7b9c656b490019dcdc921af1939767a7cbfbd2d64392ee8a9962fd7ac8522e1fb02f7932174501b508fed19fb734ae6cd7

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                13f1c1484ccd99a8520f5d0c5e1b023c

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                24de5a6fef4cfb410055606d2fb496fe8a1d86f7

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                3e213f6efb2863900b09bb27e4f92a82fb585301cb77c90d2299a8d6408dc87b

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                b705bb312712bbdc28ce001096d2a478177b2cc8e46f8aa0b8d7d7b554fb5e16749d361b7e2fb13a007e80b711ac7d0e7aa9366e916c343b7dc081233dfcc4a8

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                152B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                719923124ee00fb57378e0ebcbe894f7

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                152B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                d7114a6cd851f9bf56cf771c37d664a2

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                769c5d04fd83e583f15ab1ef659de8f883ecab8a

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                209KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                3e552d017d45f8fd93b94cfc86f842f2

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                dbeebe83854328e2575ff67259e3fb6704b17a47

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                24KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c594a826934b9505d591d0f7a7df80b7

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                c04b8637e686f71f3fc46a29a86346ba9b04ae18

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                384B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                b39904ed9e998d123cd73462f418fa76

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                7c6ac2be90c42f4c19a05693d88fa9e82ab1e66c

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                f73050a5277353347708a1bd3c0a764a0983f5279286f06a04b3533d29c8f099

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                a0aa79714db5d52ea1fb656b3a819143dd5e59670ad3e6dc72d3cf234fe0baae07779403c3895ed7b26bb5162af76cb21902d99747c4782d650e9381f05e2af5

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                48B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                ae6f7c2b1b1fe1dd9aa92da500097a6c

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                691377afee4722be62abd36c0d811c5be20e3435

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                c0fae1d6fd7b9ee3be41de453aa4193b7d1b065c166406ea76cef2cf9c4bbb4c

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0ae1d5c77979489762649796315b2316fc991d67865a2e7ab5cadefe91a48b1e1640cc327aef895f3e952e1155a3b3d990fffddc002cfacbfc853d79fe407443

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                967B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                99898883e126cf1561d900f72bb4d2b2

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                0dd7fe94f46eb607e9d9a0d9ff509ba4104c5269

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                e001e8b41782c4107513aa7ea58e60081ab309d59521f63428646df56225d051

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                08c4cc588f9d8af1edf6fac53542ea933476e2bdbd7cacb772f2eca2d5e264aaabd1172ff4c6ef00ec33ad82af241ad76c360f2482c1b307a3bb82040128651f

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                7KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                471429f421bad1d5396ef7aa130e2a6f

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                ab21d804e399d3843c07451f8a38465bca1fd272

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                5bbe1ab42e828f8adf4c5d75c2bb9d063d314fc9145bed0fc8787f50d06541e7

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                e595d106c56ab6ac1a1c97af0512ee850cb5f8c87337df21166e9f13cb0872afc7a12448e813fe79b3a272c620bd5048324b48f56d4238d7bfc7850edb18b307

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                7KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                816cb0dc538835648f1b43e195a41a71

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                0b73c60560e0c4dc7325d70937524cd954eff4f7

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                ed0d0d1def66eb29fe971e73ed883acc523e1449a04ddc370615c5552f17f774

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                71e72f4b06afd7a5eda2ac58d24d9d99c3f54bbf8b4887c95ceb5d6ca835731dc971cc78c1aadad260a4114e0879531d3c9841dd26cffd405f9c15b4cc1bf373

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                6KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                952051f6d66f3489b1b6cdb57e3ab0d5

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                3c349759c88559526888c4bd02ef3e9bec5a3b32

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                618fc579bb8a43376902862631f730f9efec8d8826b1e266c52bd42d85b851ed

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                f59e6bf2bd9cfb71f35caef42e14952a84a4f797963bde921f3bbd32851625a29a291cd51647f8767a587567c03d997011868f55eb9f6bce4dc71d09a4ce51bc

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                7KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                53849e5028cf0a3d23f04763f2781b3b

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                c29d3206db54e8a25e1f6279acbb67d25a859cfb

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                d96a8c4cd3ebf505f6714b3be20f1dc8ce91983c5f97863381e1bf674fe48787

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                98a370761a28e8a8a2c6c61797d1081f89aed9f261fc6db556218f95499b8e64e569b4b150f9d7ddf15dc3bc9be457bbf57eb4192a463ce2d66f83f6674b63c4

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                872B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                7c9cbfa26e5b3098992fc219877532b9

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                448e110d646b81607f6c464a083820061fd88d74

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                044891b6608a7268bf67b97c1c1838d582107c79b499a635b2b047fbaa3c2619

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                4e66b6afc30e5b640e410cc65ea0e4c3c77dd8827f6aa54fcccb5c9ce593f2bf2fcc215a8888985d4d8737d3e00439091cc5c77aeafba286440b868dedb7d8ab

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5dcc1d.TMP
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                872B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                9139033f1df177700acf64cd8d8c7116

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                977a680eab66600f33573be40671a12cbf0ccb00

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                e2790c9c75011dfdd87fa273a5f6bb3fce4b4ad1ccf9771158826cf230ac3876

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                622c261309b1833b3de2efbf4cd6c7b48bf4f11ab48d9fd257329c1ec2e8d52525cce08dea8d1456a0581cde6eaba8050fc7119d0a75824e36fd9c242030871c

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                16B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                12KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                446fcf5c175e3dc1b4d08edfc3103738

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                2a73de64fd6af88623ea28b54d814a502264fc5f

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                6b3841c3e711537fb9e2a0693de0118a91337c82ecb365890696ff01f19d46d3

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                aef92b0b65cc9e7b0fdbf2c794b8f9e555b8df87b2ad40a331f654d9cdb6657ba9e0b0ebf5fe1da9cfa8a123f22cf0bc445f003b92019aa8fbb3aef323f1622d

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                11KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                a646b84288fdeb9b59deac86c9775bd0

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                e3a80130cc970a85ee45cbf8322a85b79b7791a4

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                4d6097a21c58d6fc9469eab6264a166c25b3cc225f2c8ce3c23d0e97b3e98edd

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                7f3178a87301854de9880f6e197b9fbf7f39ba1f29b5ce1fe230c6e891365392923a8cbbb6e9453decbb0f42e7228406825121e1f59d6a4fdd66854d5efc5d4a

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                10KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                aa8b654bfcddf71dcd55b8f049183aab

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                75f94013011f52cd93204fc4be919e94f8a604d9

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                a2014221a8e83c2dae48a208f5ae7809c051f9d65cfc96d8c549703af5abf853

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                835c3b2be40647cf3b41c69f5a02cbf0225f55d93a7accfbfa8b65bd2b09a20736240fbfbfee35a6e3b66bde59037afabfd2f10db0b6b493a6a7983b5c904b50

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                11KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                caa2362f83c119e6e4b8f76711983cc1

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                ca876c82203abb88270a54aa52dfcf7921b99aec

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                961fbfac7f53cd82bcbcadd25101f766a3cdf200e49da95fc7ff4ed166aeabc9

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                7f8748563931c6127a25043aafd363e99f0b8993c317d148f54943293920b8fda89bc51212b24df78ef9fd5d79b2511fa3342cd858ea771019258df1514a3c55

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                8KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                24636c415223e74b20a46dc9146567a2

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                3e126b990c9191d35e25f29acf1968951ffd749e

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                4d30543dc152fee0ffdbb57b4bd392f1523ce793b703e773de0c05f45153d2ad

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                335a364a580ba9ae31f3b0c75ffed90380702e8b23d075ec2c1ef3a27b612c99e368f4679225b767393ba702e183777780c202cd204487bb0e05667158602b97

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC693.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                15KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                1a545d0052b581fbb2ab4c52133846bc

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                62f3266a9b9925cd6d98658b92adec673cbe3dd3

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\THHXO5RX\suggestions[1].en-US
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                17KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                5a34cb996293fde2cb7a4ac89587393a

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                3c96c993500690d1a77873cd62bc639b3a10653f

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                39KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                64dbc7f1630d5fa085bae56761b0fc02

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                d9087dc2ab49906bbd6a393c4bb41807541d10c7

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                954fa24bffa27fdc9de3beda63897d0e65fc889852ee5f2f5f31f6d202053ce7

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                58cc4e21b0617ca5a6cb5cc7ef8ed1ae051bd987c9f8948a92e5a95138c3f9615719cc71c270492fd7ae6c0679385260524dab9878c3fbec416fcdef65321fcb

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\doomed\20921
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                58KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                88cad851e2842146f2d6cae3bc484d38

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                36eaecc16d554261cace3007c2874619158579ef

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                9883ec806b558bf5be92e4c66bf3bb341f7a3d8d086241ee52ba18b2774c4a89

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0335d79fbf22fc94bc781ea93d35d58d5bac85f56b4fa7180bd61883df5b7f2d01fb98c57c2a01d296ddde1d82c2ceaa01dbe7dc5d0a7f9ba0a1ebd7f71d0a00

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\3499E0CDB4968FF402067428EA75B46BFF8FE5DE
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                61KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                888dca93fbc785dc90f7850c437c4c41

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                f8a368168308f7fce877502b769a6e36d63035b5

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                0a57c86e4446d1e730e7233102a1c74977866e70e5c0a870cf64bfbb01fc1422

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0cdb6e4a60708a994ed2ed803670a3954a2b5f0a8d4e3be1dd449d71b7431d8c4ba6bcfc4f56a29b57443bdc7953bfc94027f448c25370eb33368d4a15af9f5f

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\705EEC7711E1081A5A4278AA905A36700F726042
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                86KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                16caffd9b0c86c32ea9b4ce95b24b651

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                45349d582a88efd0f4575dc410c8597ed647fcf1

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                836f0aed7b643b2bc04e644d41df5ec633eb69d9b7c50dc2812d20403e6f9a79

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                839bc40fbc077fd8bf53c5a08f67c5550cdbce93c9519abb32cfc58ec9bb5cc80d3724480cbc85ebd11d0a0004dc597b622f4c3926710e34bb53892ab0aea2f2

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\7A55D2D1E17B7F574CA16E74F1211A1491FE9B3A
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                66KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                574582e0768e9fa060580a8dfb08fe22

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                d8d3bdc2006721cb8419c4bca9a296ba6db38794

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                0814acf6ebb78cc96aaedd87c704f10acc8d845858821c34785469d82b0b0d21

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                7550862745040ff2403985b2184a48aed01b6c36a8f35f62ad86cdb0b1a0383a240cf398f83d0e7d833c877659495077cbb2398ecf83b0028ecdd129ca6c8168

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                39KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                063cee57b19fb0bef7c4ba7c283658f3

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                7a192650d737e4a8671ed13d6cbffb7eb7a6696d

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                4c28b5d3d4e5c5deb62f8c4bb5bcae06fac4d169e56c3b67d1dd37b6676f4c59

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                b013686eaf221bb01ff8f523fc6bd0a45be702fb8453d10d6db0092a6bbd6b3ae893b2b299eae1959fc5841b94b14bde66842c3caf0abd342b396be75378ed36

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\jumpListCache\CYw9t3YkGm9SFaz9ZSvcidlMpg15FSBk26HU+ocgtIc=.ico
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                25KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                6b120367fa9e50d6f91f30601ee58bb3

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                9a32726e2496f78ef54f91954836b31b9a0faa50

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                84B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                02cfde6228578d1f41a2eedefe9bc0ea

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                f7322dc6edc0b12b5590f84a2d8c2d04da614591

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                a5c5b196e9e6d01dd5597ebc8d23857cd00370a2e2543792c9d0fa8ce1c7ccd6

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                4e7918e2fa4db6973aec7733591c10bcfcaba66edd2f7f1e67392ce053f98f1b96d3a1724edc8ba43283a8c12b3821f7acad4d5570188b919d17508d1f1707e3

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                84B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                fb82c2555a35b8d0ebeeb143ea7c125b

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                c0d57dad6e5b14284097f452e3dd47974b0e84cf

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                78ba3d23a6b3c19ac7c92ec1c1554f578c32be1b0337edef8c7c6ee29eb2640e

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                d11c4a2866b668651fe1531d737d7a3de77edf39e7a0511ec014679479fa359faf50c4b5f0e3b630c895b4ae9dc69c04c754cc63cf925ced023f553ab30d70b6

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{2BDC4DB1-9EFC-4C93-8525-CAAF60F26648}.session
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                80d0f83bc000869770d3c93936f10db2

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                7c0fe1aad88f92ead0ec15b401cf2da169f62cf1

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                76c43f3c0de26dd39e65fcc4d0bd6bd7335ba59c0b00897543394299749b71c2

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                7cd6b2af3484910264af105a693e3cb3117668a62be939f6f5a2c256687c89c5d1159c588c585a79ef2d0a08a2abae654e097869738564448ee084faf956b3bb

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\@[email protected]
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                933B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                f97d2e6f8d820dbd3b66f21137de4f09

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                596799b75b5d60aa9cd45646f68e9c0bd06df252

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\TaskData\Tor\tor.exe
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                3.0MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                fe7eb54691ad6e6af77f8a9a0b6de26d

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                53912d33bec3375153b7e4e68b78d66dab62671a

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\b.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1.4MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c17170262312f3be7027bc2ca825bf0c

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                f19eceda82973239a1fdc5826bce7691e5dcb4fb

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\c.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                780B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                383a85eab6ecda319bfddd82416fc6c2

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                2a9324e1d02c3e41582bf5370043d8afeb02ba6f

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_bulgarian.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                46KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                95673b0f968c0f55b32204361940d184

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                81e427d15a1a826b93e91c3d2fa65221c8ca9cff

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_chinese (simplified).wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                53KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                0252d45ca21c8e43c9742285c48e91ad

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                5c14551d2736eef3a1c1970cc492206e531703c1

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_chinese (traditional).wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                77KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                2efc3690d67cd073a9406a25005f7cea

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                52c07f98870eabace6ec370b7eb562751e8067e9

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_croatian.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                38KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                17194003fa70ce477326ce2f6deeb270

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                e325988f68d327743926ea317abb9882f347fa73

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_czech.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                39KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                537efeecdfa94cc421e58fd82a58ba9e

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                3609456e16bc16ba447979f3aa69221290ec17d0

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_danish.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                36KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                2c5a3b81d5c4715b7bea01033367fcb5

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                b548b45da8463e17199daafd34c23591f94e82cd

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_dutch.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                36KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                7a8d499407c6a647c03c4471a67eaad7

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_english.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                36KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                fe68c2dc0d2419b38f44d83f2fcf232e

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                6c6e49949957215aa2f3dfb72207d249adf36283

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_filipino.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                36KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                08b9e69b57e4c9b966664f8e1c27ab09

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                2da1025bbbfb3cd308070765fc0893a48e5a85fa

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_finnish.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                37KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                35c2f97eea8819b1caebd23fee732d8f

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                e354d1cc43d6a39d9732adea5d3b0f57284255d2

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_french.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                37KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                4e57113a6bf6b88fdd32782a4a381274

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                0fccbc91f0f94453d91670c6794f71348711061d

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_german.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                36KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                3d59bbb5553fe03a89f817819540f469

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                26781d4b06ff704800b463d0f1fca3afd923a9fe

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_greek.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                47KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                fb4e8718fea95bb7479727fde80cb424

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                1088c7653cba385fe994e9ae34a6595898f20aeb

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_indonesian.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                36KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                3788f91c694dfc48e12417ce93356b0f

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_italian.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                36KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                30a200f78498990095b36f574b6e8690

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                c4b1b3c087bd12b063e98bca464cd05f3f7b7882

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_japanese.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                79KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                b77e1221f7ecd0b5d696cb66cda1609e

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                51eb7a254a33d05edf188ded653005dc82de8a46

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_korean.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                89KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                6735cb43fe44832b061eeb3f5956b099

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                d636daf64d524f81367ea92fdafa3726c909bee1

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_latvian.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c33afb4ecc04ee1bcc6975bea49abe40

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                fbea4f170507cde02b839527ef50b7ec74b4821f

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_norwegian.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                36KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                ff70cc7c00951084175d12128ce02399

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                75ad3b1ad4fb14813882d88e952208c648f1fd18

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_polish.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                38KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                e79d7f2833a9c2e2553c7fe04a1b63f4

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_portuguese.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                37KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                fa948f7d8dfb21ceddd6794f2d56b44f

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                ca915fbe020caa88dd776d89632d7866f660fc7a

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_romanian.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                50KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                313e0ececd24f4fa1504118a11bc7986

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_russian.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                46KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                452615db2336d60af7e2057481e4cab5

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_slovak.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c911aba4ab1da6c28cf86338ab2ab6cc

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                fee0fd58b8efe76077620d8abc7500dbfef7c5b0

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_spanish.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                36KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                8d61648d34cba8ae9d1e2a219019add1

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                2091e42fc17a0cc2f235650f7aad87abf8ba22c2

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_swedish.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                37KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c7a19984eb9f37198652eaf2fd1ee25c

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_turkish.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                41KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                531ba6b1a5460fc9446946f91cc8c94b

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                cc56978681bd546fd82d87926b5d9905c92a5803

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\msg\m_vietnamese.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                91KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                8419be28a0dcec3f55823620922b00fa

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                2e4791f9cdfca8abf345d606f313d22b36c46b92

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\r.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                864B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                3e0020fc529b1c2a061016dd2469ba96

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\s.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                ad4c9de7c8c40813f200ba1c2fa33083

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                d1af27518d455d432b62d73c6a1497d032f6120e

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\t.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                64KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                5dcaac857e695a65f5c3ef1441a73a8f

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskdl.exe
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                20KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                4fef5e34143e646dbf9907c4374276f5

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                47a9ad4125b6bd7c55e4e7da251e23f089407b8f

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\taskse.exe
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                20KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                8495400f199ac77853c53b5a3f278f3e

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                be5d6279874da315e3080b06083757aad9b32c23

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r(1).zip\u.wnry
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                240KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                7bf2b57f2a205768755c07f238fb32cc

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                45356a9dd616ed7161a3b9192e2f318d0ab5ad10

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\egbh.bat
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                70B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                bc5aca38e505da47e1ea8bcfb9df5bbb

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                67dd2324979ff2c2dfc97f89db0fb939bd08c87a

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                30c55012548697052877b13150bedae3156f9a502557d1ea816dbed647b4a8f8

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                37ce0ab1b0ea58d3fddb8a25f6da6b970c454a7cd614932ea3a2c7f8d9c763172fee2a455d7d381397a67071d3f10e7b9159ce02dde0e0176c8e4180c47451cf

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\is-SU69V.tmp\is-5VN37.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                648KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                0360b1d1195775766b2e78a7b463f658

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                8e4b2b1b6d1e4446c979b0cea7db6db7eee21610

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                bee86b674d51b4e21822e44f9408a69d60e282e39f5897888df334c74d840aa4

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                23103b4457952091848f171f5c20351dd55ce1bce209da21c1b6792d6e0b13476a104698c31ad744df2df39408110d73f84b61e627bbb6d1d2a461db4370597d

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-18467
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1.3MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                a06ce8cd000f726c1aa2485a841f9640

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                c2fad57e9c22ea6714d8bee9941339aca1cc7e8d

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                20c562166df0c0a76fe9ff901b20983321b2e9a4b045e3c3c3a20f8e4f22a5a3

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                32947e6424359499ec393db8e9776b4fcfb4419e5b8e821515d1220078458d3bbbe879b22a6a18b6d3f457369ba9369b0970f8905b431dd5e9732c805b0d7be2

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-19169
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1.6MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                713f3673049a096ea23787a9bcb63329

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                b6dad889f46dc19ae8a444b93b0a14248404c11d

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                a62c54fefde2762426208c6e6c7f01ef2066fc837f94f5f36d11a36b3ecddd5f

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                810bdf865a25bde85096e95c697ba7c1b79130b5e589c84ab93b21055b7341b5446d4e15905f7aa4cc242127d9ed1cf6f078b43fe452ad2e40695e5ab2bf8a18

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                2.5MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c5afbb8da79525ba74aa0fdc5bb5d17a

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                19a7bb8f31f40592c350555eb450924193aa5aef

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                5f3c2e1ad778441373cbfdc5d07884376175a9409e260e60edd292a95f9bc4ca

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                36cd962ae3c4c0bec993a1c379130ffbd5ef475e234e4ccfebd51f4e52ff6861bc3c1ee6ab20df4e8a1b04f4ba7f2f9437c9bcfbad9573cffc74a4680ddec589

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-6334
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                3.3MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                e58fdd8b0ce47bcb8ffd89f4499d186d

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                b7e2334ac6e1ad75e3744661bb590a2d1da98b03

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsi6D5E.tmp\KillSelf.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                5KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                8b49e96b0bd0fe3822bd4f516ad543ab

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                3d04d3a4377e2e1888cc2be333b129daa8d2894d

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                c25cbc60ff1ccca811239655636717c9ff4decb9190a557489389504b248d037

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                46826285f213137cedefe379ece413730a36dcde016e5ac114743cb011e587fde503df1d70ea0e6c4213993749ac4d246e4c3c980b02e01239b392d0f5892e26

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsi6D5E.tmp\MachineKey.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                52KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                819265cb9b45d837914f428373b06318

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                0725f84eba20acdbd702b688ea61dee84e370b0c

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                dd2f2d8c0a7d767be40b0f83ac6339ec86068e4ba0f4cd0e3e5b99050dd84fcf

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                ae4dd3f773568072e86e694c72a08d06b9206cb704a22ced1a922bc04a61a504aee67fc32ffb4d39f9e75f74c533d409756d4d953eaf9ab89cc9fe11f702b30c

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsi6D5E.tmp\Mutex.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                3KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                6899249ce2f6ede73e6fcc40fb31338a

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                385e408274c8d250ccafed3fe7b329b2f3a0df13

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                d02a2c0c9917a5ff728400357aa231473cd20da01b538a0e19bc0c0b885ea212

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0db15d8050a3d39a14ebe6b58ebd68f0241d3ee688988e1e2217e2c43a834dff0959ba050d7e458ab6dfb466c91a3109ead350fe58fb3daa0753f6ca1ed9d60d

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsi6D5E.tmp\lastpage.ini
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                214B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                14f51baaf9e518780594e20887e6fe36

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                19f934f6a8cb11c53ae06f71457bfa643bb06576

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                99cc25682aa82e36757361afdd6e0436ff56cdc03993e6d60f20d052f8b9dbe5

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                d48e9a9e12a69fef2b6c324a9c2f1fb46d8eb931a4cde955f2c196c3ee78ac80dcfdb98cc17530854c3775db41de66b09b9ba498c550ac500ec40cdefe4caf81

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\pin.vbs
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                287B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                3f764ed6ee61afced5405a2e3f62738b

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                ce56c02f451bdbf20a1003df87fc2692ca06d0ed

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                22804ed36ad186b3ab18605719c83e70b6244f60aba00e16ca8f97d80b5cc0e4

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                6ed1d6327b67b3c863f71ede1d8be2f24c51454aab25b104d474024bfafcd732ba84a63ea60b218ce0e97a740c2717f87f4a38fcf211e780d027d36f4bc1d859

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                479KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                09372174e83dbbf696ee732fd2e875bb

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                13.8MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                0a8747a2ac9ac08ae9508f36c6d75692

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZOAMYAV5WRR370O8130M.temp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                20KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                349b85dacdd6fa05e0fb86f5e7ccce27

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                7dcbe5c35d0767bb0a50cc03fca9ea63676d3e7c

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                c925ee2495fc749f51d62762284c8fa7cedc82ef740019239c500cc0c0be962d

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                bef89f5597258a9908ca3151e5a6379a9d3d55d4d290995e3ae6794c51f392e5c97a5d3ed38b301659748a5c3e8cb35f5b044b962fe003b0cc09767417aef8c7

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                10KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                05d87746604bdd4bee4863bd3130ee9c

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                1a02704996ab779b7926d8ec703e6891889faa8f

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                cf51a28fbc7b2c1a082f1960b22c4103afc9c7eb7d56c3f060022c3259ea79f0

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                b618987e1f273961ee84031673ff94f2941215d1e45b0719c68cd755587dc97f0d70965d59db56088de45a6c017d54b05c8114f1b9ed2bf272a4fcb1c2de99bb

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                10KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                4c40b405927f13d9487350c13a42246a

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                d112aa278087d715dec1c41ac1f8f6635c121b2b

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                8ec0595f5b08613cc24ccf75954c439f71ddd11dd718cca41013d2ec06043c4d

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                41f65db9446341a3da874fa31b32bda4915afaa9f25dc02ccf937e85ec1eefb53e5f15edd5b8b1d01be999c00a22d1c2f5a8238cc28e8a484f3a5e13385648cd

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                27KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                bda11d1666933bf723faadbbef66018a

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                b2daa94336b7d5041b576b2149d4e0fb962a27bb

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                451e554e8b0b0c331b0d7580836b999df0c33732ec7aba8274b1783e82ffa425

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                05ffbbc748238927de5001c656b59b460d379e6caff49047534585869c032935ea2826e1a8df568d479cc1af469f7e8193aa12873a5e07e8747e5a99cbeeb62b

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                47KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                405b6b41f3bf6bc19bbf1bfaa3bbef5d

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                53380959e6529c4cc8dedd0f14a22ae90ce5c205

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                4c7e0d086506d937933a37bb06ddef9cfc4cba5d71eaef3158064ab2111682f9

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                4bd423cb15e57e0a2ea71f924521c37ed0453c6d45511e84a3e5d2187aabfc7c59fd436fa45915650989fb23e4867ff338534e6fbe835360bf13725e59934460

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                6KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                d346d9cf5787abb3b4a8038ab09b8dce

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                170f8f485aebf1cef13046c300d463f76a1037bb

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                8ebc4d5ae17173ac05a05b55d668f99afc9ea73b2e9248a1d95f3eaf6591f70e

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                20927a2f1d0bbe28269e5d5a89ec29955a0c340328d4b4f642bb55eb72bbf23a6737c8e8b5924c4786ab6ac62fde5f018c5f44702db2203c40a63309f0db5f6a

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                6KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                d86d17df22f6cef385ae4d78d62966ff

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                a0016eafa9385b8638a2c0551fa6abb75c8d0978

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                09870c40eae735f014cfb513b8ec06d5dd5454382b334d89ffe6de560828984e

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                5ecab50a3ace94ccc2fea43499d0cb842cc47cc7c5f83f5327f2bd600dcbe9aa696869da454cf820060256f895c4cdf44e21e88c31097bd7d1e86bb62f1f1e12

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                74KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                819fd9aca68c3873d6c5033530b9c977

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                0b9ce97219e65650a2965013170f246685219190

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                25c771d11bbf867c807251804b9d6b3ee476ef7c8e00aba0ace8364e17af8b9a

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                b215f5813d38c27e54730693edaca85f0b0abab41cbbbb2596383e018d618b3489dde93edebf93419773fa32a8344e6c5f7d4d052c5800192240856f08596af0

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                5KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                569dba87373f3cdfa5c64e195561afa3

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                48e54bd3e8822e709cfc8ada4fdbad5db6102b32

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                d1195768351accef418fa8cf26aff56161b59a7b9fafc48cf784cb0070c7755c

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                6c5cb6c33121c0ab7d2b2df73d1d4fcbdd9ca1624c7bbf7e0713b8cd9e7e3c5f99a385454cf807b0046b3e09181aa97f01a6478453e2132dec79cd59564fc0de

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\1219e8dd-bc36-44ed-934d-d727a6f81b4e
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                982B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                7d7d220fd48db34e5211b1ed679e6906

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                5874acfc54abcfd8f1552000093ca0011c3f9845

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                b61a5341935060497fe7596cfe1b834664cb92f9b13817e9657b7929f8562ec2

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                529762f650948ecc3b9690acd90359b262dded4c574b2c79344577cd8045c56e2e7bbd4e78c09a72d3d6c0437260d0722249bc149b67c3f20a2cb68421bd8aec

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\7060b43d-0b18-4ca5-b3e6-9d852efa56c0
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                671B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                811edb5188ee642b4c0caa25e7d2a177

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                6872dc47f222607eaffdc720b038abbbf0eb3ec7

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                d95080fdf8ee23b578e0f536a93263317b37fdc58fd09ea5c0fd787614861c85

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                db2c194f87c207fe40da3ee7c22b886e4ed7656be10c924cdeb412e44e676871386c523bc6491221ad61ea44496c9ca3217f43bb2f498856ae290c57084d429e

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\aef7ed45-c6ba-4bfd-84ac-4c3be58c39e4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                27KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                eea9f04c2b3c0f5dfc87c399c6250c51

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                1348a0e1ecde3c1bf5ceb427aa30d415c6f2ac30

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                5d0b944c33623571ee46661395fc67312398c6bd8ba41540b8f8e1e15bd894d0

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                c85e42ae904f81216dd4c669ca7df2d3dcfbce53c7d599ade547bca3dcc10f7a530506ec214e70002c25b888f8d0214cdf1f5d2c111ef83302cddd4f4118194d

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                842039753bf41fa5e11b3a1383061a87

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                116B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                2a461e9eb87fd1955cea740a3444ee7a

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                372B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                bf957ad58b55f64219ab3f793e374316

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                17.8MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                daf7ef3acccab478aaa7d6dc1c60f865

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                12KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c4ef6ddcc1d383c702d5df3768d367d5

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                63762fbd08043a31fd9568fd7801ab97b0d0e04f

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                88cdbe2727d7adcf6cf301428bbb49636d9eb7e4da4ff185b15dca0981c09abf

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                ce564f9370c9704d2012b993ec3394667fd608f224d8b5d8e524aae58f5444d255347716f2c5626818989917cfc87f5419231cf27e8e9a0fa2ad8db1705174a1

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                11KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                8c8c0ae2efc68c9af6f4b3b3cfedc0eb

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                a3a071381a3eec9ace92db5c5e3adf6967c33dd3

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                90b456ab9c8503c108aa5f1f951aa3d183f8806a5253c40646ce8335c5e9c6cf

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                e953c3ce3ab8da04e2952e79acc71255c7edb06f716ea4a122d751fe9cff90353ca1834419c5d09cec6107b73f5bf1b73a7943664908778cad8ca4e998e3d890

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionCheckpoints.json.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                259B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                e6c20f53d6714067f2b49d0e9ba8030e

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                f516dc1084cdd8302b3e7f7167b905e603b6f04f

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                2KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                d35be0349ce71c24ec35ef7490a2d0f7

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                1e62c612258ddd9bb8e43b37a01401b74499211a

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                51240bdc59b3ce49de7d6ffcb92f16a84b80978a4dbaf8ed5bcc4ddbd9b43415

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                a3587b2408094089f3155cb705f205e5853dfc7e2d6b02d0b86da8741013a40e0a0edb938fd37bea7dc6d02cb6213a786b55cc17c292b016673d617aa83134b0

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                5KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                e7f9b7e8247b205dee501a44ea084337

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                130cae65b61dbde4c326ae16859b5955a3f8e889

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                59c1f720a55aa571be219e97961ed7d815bf2f62da54bf035ac3fd918c5870ea

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                e556894762c50533a42f391dd18fcc60eddaea224e1b2c26103170ab9404043431937ed83b74472970bfa5737157f206c7b59839274d45e6058bf447b397722a

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                11KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                f448090f0c7c14064a81e511e9b44d5d

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                dd7b6513a1de11d7cbbd00b945f7bf1f70564c26

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                db0794eec3203539d5c7e9b7b1f9d74dd58203946d9c4afa7d9271336c098fb9

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                4707c8f06e2ae816c88bd11edb2db7bc2f506888588c83e35865519d13d5a1231c08f7f1ee31d907c240b67b33c9cace772041d8daec0d73bf4f70381cb7df25

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                5KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                8bf7954cf49c324c9dcf47f0b3efdedb

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                e300228be60bf3a057c812c04e4ec9cf2585e6cc

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                43155b9ff74e4495072018a911dd6190a94199ffc623cdd70be1edbce1f09582

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                a22e168a3969dda3db1da18ec17967203978cfba1256b1af704dfc0bc3b42530276f11323dc8492abc0a6112fced0daf5d99ea819b655dd5ec1cbfb26fb942aa

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                11KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                8562c54a4f0a1968dec821c9a9d1299d

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                ffc618ab1b5b6ed3a92f26773414e0548877c97f

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                c3b2b9fc4b79338fbf2e4234f638fc1d8ac9df566bececde0469c02bd1eee1af

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                7032c0d478c031241a9cd3a93c256898d900aba8c9616dc237f24a75ff80c35cb27c2ee262ce0ffacd3c920b455a1260948040a275eeaa759594551ef331e96a

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                12KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                2c814e1081f88321d4c3796b6958d321

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                93421a9b5544358142de4f02b0a6f9226ed5094d

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                8fe17aa7798378b684834ced4a76f67ddc2d10c463bde58beb7c79efafd1b4de

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                c913277856c59119f6f59360441fd6a423b8a2de138db2a37e6ed0ebc323093fbbbcc6dacd137bc99a6c5422b9a9e5b5fa63673bbf43c45616bf22459dc04bb0

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                11KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                f15860bcccc87fc0f1211b0988ec8d55

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                ea130090fd290e9befeabab346445f9b8cd27e62

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                5d0817b32d84e72300821557ee40f1ebb2710148761a76a32d38ac461edebf73

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                865aaaa65980aa38b015a0c6f8bcb21ff45e313f0cb80b59d4ab2fc2d28b497b20e2bf7446cabc4427085c84d381c783f25434afe7b6a9da80dde27c72444f80

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                12KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                e535b6fd1e3462ae45fa0f7fad27d4ee

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                2beab8361b1d5cc95a80391d870ad142d7186855

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                895507262e0c7c11f682878a4181deb3e5dfb28bbb985cdd0d419d8562e1647f

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                d3a3022b62a264ea733ded585e251342e6281ad863808f4936410b9b4fc76a7620a694107881adf262b1e46f786239fa43f2f9a9d3aab2251059fa1f71db0b76

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                13KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                b4c35e72151e48d5e03d9bbc7a08495a

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                3661e34cebe9e9a68e4420f07a3733a81cddde50

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                57578f04efb3130075e70c6ef7cdcc11f540aa8ce63e66f1a5cbeb9955cd6f93

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                f177e28d4c46e972f17902658fe0587536cc03f38446b325b800a8ce59fa615900848d3ab0429b172f5bfe6775a3e1e26435206a28cc7142d95011dfe6d65d29

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                12KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                a1fe3c61f7612593e4ac0f441d20ea41

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                a286b2cd4313df3df2b5f8e19361f5ab2af710a9

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                561639d6e90b1e3e658f29a7637cfc07889ef5cf29a64a4a2e8dc250ec5b8ec4

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                f83349e38014eb2982f71f2522e9ff6a9a63f35b40d4ad5369c86baa21238d4570364ee52bc4886932e8686a55b78e1ef0b27636ad94274449fdba47b4411615

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                13KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                8a2261479b70c015a4927fbae4ff9430

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                ad1b47b73d4864da618c4944646caf7c97198dbf

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                1cf60cb35b86ca3d8a09417cdca0cfc66017a8beb24913ce682310f7fba37d4d

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0154eae5ff02d18e46976f9943bbc608e72f905518fe65d49fdf6f3d95b59d6d2bb2afa58907401ad4b3f0ae2f088f168327f21e55c5219b1dfe5af698535e14

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                13KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                3e101b95ab5deb42b63d3e060a741347

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                027568c7ee41b5ca82c145664d876869c0276d20

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                79b382dae78536242812399fd81c8b7057f407ba502f801e8e5d22e07c1487ae

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                ec543f21e9b4f269f1359e1a0fe7a1edf3ceaff16a6ee3a6ad5393f8d09aabcc93a9de13173407bded010b74b2634fa002d030fe9b5f3ac8a7bc21e8078a95ef

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                13KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                a3b252ac72fe2695e3b6e8d7432739a7

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                6878d3102fd96ad98bb5e77c6b27de00e4898e30

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                fa2e88e036836a671d6090373987ee631a58f49d923fad0aea142eb806927d10

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0936eaaa284e11706e3281ef9091d198d9b012a77a200f46250be0b4278fb3d8544f03686f1fa48512542f6dc88ca59f55f91adace656316821d472ad0ff0a87

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                1010KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                27bc9540828c59e1ca1997cf04f6c467

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                bfa6d1ce9d4df8beba2bedf59f86a698de0215f3

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                05c18698c3dc3b2709afd3355ad5b91a60b2121a52e5fcc474e4e47fb8e95e2a

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                a3ae822116cddb52d859de7ffc958541bb47c355a835c5129aade9cc0e5fba3ff25387061deb5b55b5694a535f09fe8669485282eb6e7c818cc7092eb3392848

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\decoder.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                126KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                3531cf7755b16d38d5e9e3c43280e7d2

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                19981b17ae35b6e9a0007551e69d3e50aa1afffe

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                76133e832c15aa5cbc49fb3ba09e0b8dd467c307688be2c9e85e79d3bf62c089

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                7b053ba2cf92ef2431b98b2a06bd56340dad94de36d11e326a80cd61b9acb378ac644ac407cf970f4ef8333b8d3fb4ff40b18bb41ec5aee49d79a6a2adcf28fd

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Downloads\8qjkUVPY.zip.part
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                139KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c6f3d62c4fb57212172d358231e027bc

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                11276d7a49093a51f04667975e718bb15bc1289b

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                ea60123ec363610c8cfcd0ad5f0ab2832934af69a3c715020a09e6d907691d4c

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                0f58acac541e6dece45949f4bee300e5bbb15ff1e60defe6b854ff4fb57579b18718b313bce425999d3f24319cfb3034cd05ebff0ecbd4c55ce42c7f59169b44

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Downloads\=D.HDzAcC2t.zip.part
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                39.0MB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                cbfbb1aa924bdd0bb7463804c3a11073

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                269e812f96e54dc7fd45ac78fbe3311fa6249505

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                df4565185ca14a048ddb7899d614626fb5a16e6bb712dafecb39045855a7d1c6

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                42a83d1b6980f1d40a557b6c71f26f585262f1c606535628f80eca04a27d56faf33490740761e6e65285460e84742ec77839e0725ce100f77ede7a558add2856

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Downloads\G48TehnX.zip.part
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                75KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                213743564d240175e53f5c1feb800820

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                5a64c9771d2e0a8faf569f1d0fb1a43d289e157c

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                65f5d46ed07c5b5d44f1b96088226e1473f4a6341f7510495fe108fef2a74575

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                8e6b1822b93df21dd87bf850cf97e1906a4416a20fc91039dd41fd96d97e3e61cefcd98eeef325adbd722d375c257a68f13c4fbcc511057922a37c688cb39d75

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                50B

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                dce5191790621b5e424478ca69c47f55

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                ae356a67d337afa5933e3e679e84854deeace048

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Downloads\pd9FnMgl.zip.part
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                533KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                7808dde5c4f694e10a02079121ef8ffa

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                c40cbe977a1abcd34506ea80f101677c1b64503d

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                8b33efd883f9c13bfef8544018f823ae6ed3469ac476864469cf4a3abb4c203b

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                aa64707a077fcf9cc41e7db85e5160214442a808caed627b5f083ac0da8e87bf33f3545162e06f51483ce498706912e94b83419d825aba11d7bc184d602b9e76

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Downloads\uwnpWkBR.zip.part
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                25KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                1aea5ad85df3b14e216cc0200c708673

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                e3ee16e93ba7c3d7286dc9ebbaf940f0bcb6cad3

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                8dfa496c93680adc10e77c0946c7927d3e58d79900013c95dfca3411d766bd16

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                06faa190350e4558c6d4f1f201dc0698587495897593aaeac16f3ea3d8c1c7f81d65beea6bc7e730ca1df9bdfdf3cd2bcc84bf50f64787e0b1dbd21492796f36

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Windows\Installer\MSIE4ED.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                180KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                d552dd4108b5665d306b4a8bd6083dde

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                dae55ccba7adb6690b27fa9623eeeed7a57f8da1

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                a0367875b68b1699d2647a748278ebce64d5be633598580977aa126a81cf57c5

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                e5545a97014b5952e15bb321135f65c0e24414f8dd606fe454fd2d048d3f769b9318df7cfb2a6bf932eb2bf6d79811b93cb2008115deb0f0fa9db07f32a70969

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Windows\Installer\MSIE4FE.tmp
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                88KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                4083cb0f45a747d8e8ab0d3e060616f2

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                dcec8efa7a15fa432af2ea0445c4b346fef2a4d6

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                252b7423b01ff81aea6fe7b40de91abf49f515e9c0c7b95aa982756889f8ac1a

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                26f8949cad02334f9942fda8509579303b81b11bc052a962c5c31a7c6c54a1c96957f30ee241c2206d496d2c519d750d7f6a12b52afdb282fa706f9fee385133

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\fpfstb.dll
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                92KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                e1313b2911f7bf6d2015b4bc1083bbcd

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                1a9b89aedcc2e1f47df24e26e7ca9dd132142176

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                30d271f0c2bd9dfbab62bc37237e3eb43e6d2ccc6c3431062f06f918260cd86a

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                a92a17db4da8b35fa704b740c1de768e4f628e0358471e0324cbce2e6254fccb26a0647e18fb597dcca190f1271d7b5a0a3e58508e37c540a9b8fe9f82f4b97c

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\pphc7stj0e147.exe
                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                92KB

                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                c90738662f7ea8dfcdf2ad26617171f9

                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                9a3f3b0458d0e12d0789a73fd0c6151d0e158cf4

                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                f6963bc0c9343d33102628766539d849939188c7fb05db82e9a9f49920a98330

                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                e645b1113e4683fc88b7a442b5dd87c846810d639d07b87fa32bddf96fee70645b051154594560a36a8460d6ff7b00bc0f64f7b0bf3ef8c6c46ca544fd21aa4a

                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                              • memory/412-526-0x00007FF714B80000-0x00007FF718F00000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                67.5MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/3544-1418-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                64KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5176-1211-0x0000000000400000-0x0000000000D72000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                9.4MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5176-1212-0x0000000000400000-0x0000000000D72000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                9.4MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5176-1214-0x0000000000400000-0x0000000000D72000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                9.4MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5176-1377-0x0000000000400000-0x0000000000D72000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                9.4MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5176-1237-0x0000000000400000-0x0000000000D72000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                9.4MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5176-1213-0x0000000000400000-0x0000000000D72000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                9.4MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5208-1068-0x0000000000400000-0x00000000004B1000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                708KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5312-1069-0x0000000000400000-0x0000000000413000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                76KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5312-1038-0x0000000000400000-0x0000000000413000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                76KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-3146-0x0000000000AD0000-0x0000000000DCE000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                3.0MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-3148-0x000000006F590000-0x000000006F607000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                476KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-2856-0x000000006F540000-0x000000006F562000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                136KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-2855-0x000000006F4B0000-0x000000006F532000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                520KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-3151-0x000000006F4B0000-0x000000006F532000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                520KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-3152-0x000000006F290000-0x000000006F4AC000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                2.1MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-2857-0x0000000000AD0000-0x0000000000DCE000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                3.0MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-2853-0x000000006F610000-0x000000006F692000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                520KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-2854-0x000000006F290000-0x000000006F4AC000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                2.1MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-3155-0x0000000000AD0000-0x0000000000DCE000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                3.0MB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-3147-0x000000006F610000-0x000000006F692000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                520KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-3149-0x000000006F570000-0x000000006F58C000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                112KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5516-3150-0x000000006F540000-0x000000006F562000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                136KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5612-3550-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                316KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5896-1078-0x000000006FFF0000-0x0000000070000000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                64KB

                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                              • memory/5896-1079-0x0000000075BC0000-0x0000000076173000-memory.dmp

                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                5.7MB

                                                                                                                                                                                                                                                                                                Download