wannacry | db335ca81e16bd533ea035387ae3ee18fac29c3c172127e4b1682994f7ddeb2b

Analysis

max time kernel
902s
max time network
908s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
03-12-2024 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

2313c0228d82eb9bf907ae1f005902c8
SHA1

4d7799ec7238440aaca788a4be56df90558aaf27
SHA256

db335ca81e16bd533ea035387ae3ee18fac29c3c172127e4b1682994f7ddeb2b
SHA512

2d7dc1ec30f6a02e458ad98854c6e99261a7f9ed0085eff6a84de2dc073973c6104987604cbc1b6668443cc3f4fc2cdf2f17896854fa015de833dbd8a81ffb2c
SSDEEP

384:XLnE71ocy4G4lbGaxBvhpNXgdSIF0WlObz6r0sZafs1xCejiw:XY71ocy41EaXJpNQdZF0bbz6r0sZAmxN

Score

10^/10

wannacry defense_evasion discovery execution impact persistence privilege_escalation ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD1479.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD1480.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 43 IoCs

pid	Process
5300	taskdl.exe
2416	@[email protected]
6084	@[email protected]
5348	taskhsvc.exe
5592	taskdl.exe
4396	taskse.exe
6076	@[email protected]
6844	taskdl.exe
6860	taskse.exe
6868	@[email protected]
3008	taskse.exe
3000	@[email protected]
6060	taskdl.exe
6544	taskse.exe
6552	@[email protected]
6056	taskdl.exe
6320	taskse.exe
4148	@[email protected]
6128	taskdl.exe
6784	taskse.exe
6904	@[email protected]
6052	taskdl.exe
1972	taskse.exe
5680	@[email protected]
2152	taskdl.exe
2336	taskse.exe
6840	@[email protected]
6396	taskdl.exe
4032	taskse.exe
6288	@[email protected]
5340	taskdl.exe
5604	taskse.exe
6244	@[email protected]
6532	taskdl.exe
8060	taskse.exe
8068	@[email protected]
8096	taskdl.exe
8928	taskse.exe
8940	@[email protected]
8964	taskdl.exe
9436	taskse.exe
9452	@[email protected]
9472	taskdl.exe

Loads dropped DLL 8 IoCs

pid	Process
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2560	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fpoeqxjgeleu832 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
77	raw.githubusercontent.com
107	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

System Location Discovery: System Language Discovery 1 TTPs 56 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3828	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware-Samples-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5408	vlc.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
2268	msedge.exe
2268	msedge.exe
4840	identity_helper.exe
4840	identity_helper.exe
3632	msedge.exe
3632	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
1016	msedge.exe
1016	msedge.exe
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe
5348	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4792	OpenWith.exe
5408	vlc.exe
4448	xwizard.exe
6076	@[email protected]

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4796	firefox.exe
Token: SeDebugPrivilege	4796	firefox.exe
Token: SeIncreaseQuotaPrivilege	2324	WMIC.exe
Token: SeSecurityPrivilege	2324	WMIC.exe
Token: SeTakeOwnershipPrivilege	2324	WMIC.exe
Token: SeLoadDriverPrivilege	2324	WMIC.exe
Token: SeSystemProfilePrivilege	2324	WMIC.exe
Token: SeSystemtimePrivilege	2324	WMIC.exe
Token: SeProfSingleProcessPrivilege	2324	WMIC.exe
Token: SeIncBasePriorityPrivilege	2324	WMIC.exe
Token: SeCreatePagefilePrivilege	2324	WMIC.exe
Token: SeBackupPrivilege	2324	WMIC.exe
Token: SeRestorePrivilege	2324	WMIC.exe
Token: SeShutdownPrivilege	2324	WMIC.exe
Token: SeDebugPrivilege	2324	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2324	WMIC.exe
Token: SeRemoteShutdownPrivilege	2324	WMIC.exe
Token: SeUndockPrivilege	2324	WMIC.exe
Token: SeManageVolumePrivilege	2324	WMIC.exe
Token: 33	2324	WMIC.exe
Token: 34	2324	WMIC.exe
Token: 35	2324	WMIC.exe
Token: 36	2324	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2324	WMIC.exe
Token: SeSecurityPrivilege	2324	WMIC.exe
Token: SeTakeOwnershipPrivilege	2324	WMIC.exe
Token: SeLoadDriverPrivilege	2324	WMIC.exe
Token: SeSystemProfilePrivilege	2324	WMIC.exe
Token: SeSystemtimePrivilege	2324	WMIC.exe
Token: SeProfSingleProcessPrivilege	2324	WMIC.exe
Token: SeIncBasePriorityPrivilege	2324	WMIC.exe
Token: SeCreatePagefilePrivilege	2324	WMIC.exe
Token: SeBackupPrivilege	2324	WMIC.exe
Token: SeRestorePrivilege	2324	WMIC.exe
Token: SeShutdownPrivilege	2324	WMIC.exe
Token: SeDebugPrivilege	2324	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2324	WMIC.exe
Token: SeRemoteShutdownPrivilege	2324	WMIC.exe
Token: SeUndockPrivilege	2324	WMIC.exe
Token: SeManageVolumePrivilege	2324	WMIC.exe
Token: 33	2324	WMIC.exe
Token: 34	2324	WMIC.exe
Token: 35	2324	WMIC.exe
Token: 36	2324	WMIC.exe
Token: SeBackupPrivilege	5664	vssvc.exe
Token: SeRestorePrivilege	5664	vssvc.exe
Token: SeAuditPrivilege	5664	vssvc.exe
Token: SeTcbPrivilege	4396	taskse.exe
Token: SeTcbPrivilege	4396	taskse.exe
Token: SeTcbPrivilege	6860	taskse.exe
Token: SeTcbPrivilege	6860	taskse.exe
Token: SeDebugPrivilege	4796	firefox.exe
Token: SeDebugPrivilege	4796	firefox.exe
Token: SeDebugPrivilege	4796	firefox.exe
Token: SeTcbPrivilege	3008	taskse.exe
Token: SeTcbPrivilege	3008	taskse.exe
Token: SeTcbPrivilege	6544	taskse.exe
Token: SeTcbPrivilege	6544	taskse.exe
Token: SeBackupPrivilege	6764	SystemSettingsAdminFlows.exe
Token: SeRestorePrivilege	6764	SystemSettingsAdminFlows.exe
Token: SeSystemEnvironmentPrivilege	6764	SystemSettingsAdminFlows.exe
Token: SeTcbPrivilege	6320	taskse.exe
Token: SeTcbPrivilege	6320	taskse.exe
Token: SeBackupPrivilege	6764	SystemSettingsAdminFlows.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
5408	vlc.exe
5408	vlc.exe

Suspicious use of SendNotifyMessage 19 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
5408	vlc.exe
5408	vlc.exe
5408	vlc.exe
5408	vlc.exe
5408	vlc.exe
5408	vlc.exe
5408	vlc.exe

Suspicious use of SetWindowsHookEx 57 IoCs

pid	Process
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4792	OpenWith.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
4796	firefox.exe
5408	vlc.exe
2416	@[email protected]
6084	@[email protected]
6084	@[email protected]
2416	@[email protected]
4392	OpenWith.exe
5968	MiniSearchHost.exe
6076	@[email protected]
6076	@[email protected]
6868	@[email protected]
3000	@[email protected]
6552	@[email protected]
6764	SystemSettingsAdminFlows.exe
4148	@[email protected]
6516	SystemSettingsAdminFlows.exe
6904	@[email protected]
5680	@[email protected]
6840	@[email protected]
6288	@[email protected]
6092	osk.exe
6092	osk.exe
6092	osk.exe
6092	osk.exe
6244	@[email protected]
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
8068	@[email protected]
8940	@[email protected]
9452	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 4104	2268	msedge.exe	78
PID 2268 wrote to memory of 4104	2268	msedge.exe	78
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 2680	2268	msedge.exe	79
PID 2268 wrote to memory of 4708	2268	msedge.exe	80
PID 2268 wrote to memory of 4708	2268	msedge.exe	80
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81
PID 2268 wrote to memory of 3076	2268	msedge.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1156	attrib.exe
4712	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff089f3cb8,0x7fff089f3cc8,0x7fff089f3cd8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=904 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1136 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12126765413323508046,12478151268416109064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
  2⤵
  PID:5460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E0
1⤵
PID:4488

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Locky.zip\Locky"
  2⤵
  PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Locky.zip\Locky
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:4796
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5477ecbc-5eda-406a-a7df-a8e7d8a8d31d} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" gpu
      4⤵
      PID:5084
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad82e48c-691d-45bf-8e9d-d423b5597e61} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" socket
      4⤵
      PID:4468
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2528 -childID 1 -isForBrowser -prefsHandle 1168 -prefMapHandle 3156 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fc8f8a8-e651-43d3-85bd-c65e6ebcd16c} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
      4⤵
      PID:3968
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 2 -isForBrowser -prefsHandle 3216 -prefMapHandle 2948 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b94f3a77-28d0-4a6f-9e85-bc4568891d9b} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
      4⤵
      PID:2972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4392 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4360 -prefMapHandle 4416 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdf91ad5-b066-4fd5-87a6-60a12e33fe61} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" utility
      4⤵
      Checks processor information in registry
      PID:5236
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 3 -isForBrowser -prefsHandle 5604 -prefMapHandle 5524 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3da7c28-e81c-4af4-b352-6ea35aff1546} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
      4⤵
      PID:2076
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 4 -isForBrowser -prefsHandle 5720 -prefMapHandle 5728 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1afe8c4a-80ed-46fa-84ca-f56801fa23ba} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
      4⤵
      PID:648
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5888 -childID 5 -isForBrowser -prefsHandle 5896 -prefMapHandle 5900 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a67bd48-145c-4090-9e29-f3761fb98acb} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
      4⤵
      PID:4388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Locky.zip\Locky
1⤵
PID:5168
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Locky.zip\Locky
  2⤵
  - Checks processor information in registry
  PID:5192

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Locky.zip\Locky
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5408

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:6132
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:1156
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:2560
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5300
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 112251733246357.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5260
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5384
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:4712
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5348
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6084
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:5280
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2324
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5592
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4396
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6076
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "fpoeqxjgeleu832" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6080
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "fpoeqxjgeleu832" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:3828
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6844
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:6860
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6868
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3008
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3000
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6060
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:6544
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6552
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6056
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:6320
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4148
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6128
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6784
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6904
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6052
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1972
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5680
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2152
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2336
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6840
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6396
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4032
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6288
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5340
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5604
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6244
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6532
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:8060
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:8068
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:8096
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:8928
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:8940
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:8964
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:9436
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:9452
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:9472

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4392

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5968

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:6268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5788

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5268

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:6376

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6764

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC
1⤵
- Suspicious use of SetWindowsHookEx
PID:6516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://www.bing.com/search?q=create%20recovery%20drive%20windows%2011%20site:microsoft.com&form=B00032&ocid=SettingsHAQ-BingIA&mkt=en-US
1⤵
PID:6276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xa4,0x104,0x128,0xa0,0x12c,0x7fff089f3cb8,0x7fff089f3cc8,0x7fff089f3cd8
  2⤵
  PID:6300

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:6984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:6892

C:\Windows\system32\xwizard.exe
"C:\Windows\system32\xwizard.exe" RunWizard {7071ECE0-663B-4bc1-A1FA-B97F3B917C55}
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.msftconnecttest.com/redirect
  2⤵
  PID:5932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7fff089f3cb8,0x7fff089f3cc8,0x7fff089f3cd8
    3⤵
    PID:5768

C:\Windows\system32\xwizard.exe
"C:\Windows\system32\xwizard.exe" RunWizard {7071ECE0-663B-4bc1-A1FA-B97F3B917C55}
1⤵
PID:4996

C:\Windows\System32\ATBroker.exe
C:\Windows\System32\ATBroker.exe /start osk
1⤵
PID:4176
- C:\Windows\System32\osk.exe
  "C:\Windows\System32\osk.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:6092

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E0
1⤵
PID:6648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
25KB

MD5
e29b448723134a2db688bf1a3bf70b37

SHA1
3c8eba27ac947808101fa09bfe83723f2ab8d6b0

SHA256
349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69

SHA512
4ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
20KB

MD5
b3303bfe068961cafd193aee904f258d

SHA1
92e8a6f107eff1166d8f43e63632319b2e835835

SHA256
ffa6bc99a563c0f713a55babaf439e91c94361f01625e685bab7e9f018fe9910

SHA512
b6b67c80748fb54194850569217efdc0f47a07e4b95b0b9e2b0cb3cf9f4119d79957834a21fc292b2f9cfb504982f4a7943cad3133eeba2f68ad1d62573fdfdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000109

Filesize
34KB

MD5
cd28431242d66b4fc00615b887ac5805

SHA1
4c03d0ce1ddbd9e7e43be1a56149d0dbd0437ffc

SHA256
8eefb6c2900b6184c43c6844c1abcb416131953406d7e3077676b7c8a86009d6

SHA512
f59f4771144e39902a5af5aaad84865e2c946d1fe7d617190775ef136e8b9045ea1bc8754c78597e1809b75f74b6e7dd0f886299825aa80644bc6b7c7ffa3e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03e48d0f16865215_0

Filesize
200KB

MD5
cf0a55dba3a882fa971f3dc6842bea20

SHA1
cfaaa58fe42049b4f202a8631ca240ef94987cdd

SHA256
9910a6e014e052c84ebbb4e42f33e3270289dd494669d4d965b5d29b53d67e37

SHA512
0cd9095a4188f6e48c34a07d71ef8cf7786e0ea9921e4ee867228320690a07adc766a8f2c5d9f7184b8439a09fbfbca87374e924ec06a42c0a62fb9298a1a456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

Filesize
6KB

MD5
7d12221cdb0451c3f14a170bc68ebd50

SHA1
b3b4a77a982701ec3d6c5733fd9196c3799594c0

SHA256
92c974ad2465beb97ecad3676ba677e08c3d126e2885566f55962e5bee56b081

SHA512
d9eb8d7581603e665e9fe41a4e1c975b07ba9218bd64b02dd1c4c8292b0550288371393e75af0ca5e3d4eeb51eb02a3331121f63bcf76c03da6c1aecc87743ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\055aa56c9a7693c4_0

Filesize
294B

MD5
0248e5b0918eb830ef94ee9686a31ccc

SHA1
1eed044dfa48e96c95c0271ad81f2fd3e9ae2d46

SHA256
d7cf8ed6c2537035000006589cac3d2a5ac652dd9bb163b53675adb56fb01c62

SHA512
03789dd60b65cbd4cf0d57707649237a3877b078de40e1f78218e5c8b8becc48d13d909c35acad6b26ba0923bfde87c6555fb7ef4f39dbc6c0d77d749e743944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
3KB

MD5
73b96bdbfdabf846990696e13ad874f0

SHA1
49a634132d4bf75fff796ffed95447c74f05db6c

SHA256
f4e01dabd65bd43dac9c54352d9c5b56cc3faae77b5ba9722eca0c7fb0b7d2c8

SHA512
488778bc129059f2c2999db7a3bc52c45c1b8a82e669dca6447c945a39b0debc480ca24fae6e7ae67378a32d7a590ec2a550ab5de6f3e20f0c7b6dcdf414fba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
6ce47771d607bc4fb152ad47762e56f9

SHA1
2c1c94ddbf50df7d4f8c8ce91eb552e48efc4a34

SHA256
d6861884e4dea1b25477c4ea0792674334ac986c6bb3057e0a597b57c2dcaaf9

SHA512
8a072aba17c9c5e0fdd68c707514bb775b4c97583cacbf7d2443bdafd79977bbf5ebf1027b3f409d9be5d8ee512852746b8470ef3b240955ba41fd9be497ad77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
e26381f1f90848e6d76cfed6e1b5f7a7

SHA1
8a11e42e4191cfaa3a541b974d03670cd2e01be4

SHA256
616cb346f1b8022e09e1ed9eba325c4ccc7ff493d4e63282195109e1f8a8ca5c

SHA512
4dae51f198fc83109599bf28b5740f8a89cfdcce6fcb1875142c30174e36f917bbca3f025d126c80413dca7652f6bb03a490d38e3c9ceddf687caf36554f2ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e3673adaeed829c_0

Filesize
12KB

MD5
fe2c37489689fbd97b91c927ec3e783e

SHA1
1df782cebc4c134ac55fd3bdc2182ebbe0d4463d

SHA256
42e70df2308df32429fc8a495fac348c3b8a7616ef32a8c7d9dad5c81f1cc0ac

SHA512
149e5df7374e73fb6edfca3ef81390217ccf2456b768318f0904ac7deffc9ca9d3364e36657038985cd666f8aefb057d6fb6921325324395b97c505e8f9e9d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242d87fe25e8b258_0

Filesize
2KB

MD5
52e300cdb974827b1f831407dc78d1b6

SHA1
829a7da2ba1082efbf5af5d93341d18cd5a4a841

SHA256
ed8137680a386bbf234eef91b9df9af70ba9696e1243fef4ef260c7b97053ea7

SHA512
a45577aac036cbb453e8ebe5c83ac5fec7b4d18ed168d5aa9de3fa07ef5cda550df16673761bfff1c6452ed26f980f2b539855321adab0e6b6a65b70d2f2da9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
d6338b7a3236b3c015073010982eabda

SHA1
98d18fe00053302f724b3b08a8cf34b9276b12cd

SHA256
0ae6c957676120752128de6694a27b7f359c417caa6b3f8808c536258bd467c6

SHA512
1ac472f67a604ee87164fcd58f184abcc4d3ce7a8f9e09909898d4dd352bbef7f047067771c406e56dbb4d9f29f5c512aacaf1f326a01697525b6217cb135879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
b40104664fc2b2b46a44f6e3d05ca843

SHA1
b36b3d8ae7608c05787aeee1b7f82302d08c21d0

SHA256
fa65e6bbc40ff27d6cb4a6b7fdac7fbffcf2fab91b872fa59ec025ab1310a79f

SHA512
f4343499ab443d5763e247b12751d5a98591924e867253cc0e37061c31daf08aba62b952a767ac00a07b7697d5b656d8289523b6b1ab1a63a3268b3ada411589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
490c0c465fa8285001b5df200b726160

SHA1
ac7ea52c215903b616589c9130c3939c9f56871e

SHA256
6a655a12eefb7c06b4a18e6dfa3bf5b380de2129279ecfe74496130a7516a3d0

SHA512
27ca80a0f4c11711cb8cfaa953fbc76e4c2179fcb94a9ec6143b9973afa875018ec5cb5bbb54a617bf3a0186d1df8d28c1715e035d528f031576f1d4eca6397a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ee363c0f25ea722_0

Filesize
175KB

MD5
25adb313ca29895dd5cfa54285d1d4b0

SHA1
f0b8de608d5bdf0050ac6e8f112e08df30a87591

SHA256
098d98a1ba8240c026c596a3dc99ca5199a407787489d06535c5e73b99320f61

SHA512
1d45ebd74682f2acf3e130ad9f676f8276165f81c4d0ff55b45d2c03c39f25f7697d8b5835a4b043c7e825150f2d929bffd1cf2b5e59b36d49e553d1105a8b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
5effd2245ebfde773311b6135516c45f

SHA1
7e61f62f403110471227f4ce77b9cea5df51e94f

SHA256
8c181b18767ddc9fcb669e06e7214e075f19ea01e0470faba3e65118de39666d

SHA512
9a86848daef57be373735ea089e9d9a4ea6eda2c35eb17cebc342844178e64be41307a66bc6a274e6d7a8d18b2436232cd72ef025aab3e75edc1f6f4784e2703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
183bc638d071d4e53db6391953598326

SHA1
4fe63f14c0a5d3f87edd16399923188c62ee43ba

SHA256
c171f494d1f54297f02f3ed6c51f19c13d84605b3f8fe9271b36225799d80fca

SHA512
c73aa404a4ed5a1e4bcfd4b7ce63ba4c95e75eba988d046e33b8e74c5aa6c21857898050764fa9eb008d611875a5836d2d5ed79c0da9f4144313681e48b14bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
18aa9c1a081055cf2e18237b28f2c566

SHA1
c182ce67630bce78d3e856212446c26867284052

SHA256
3ab588f175fba40eead532b97d11b697b0d751ee750a1c0e888ac4d88b093c1c

SHA512
69550f0361ae0febb707689fc577fe8bef2b3e28f4b34cf7902739fc22ad38b91b89b15ca5b6b3a42b83316dc47d0451188033aedbd6200185609139e63dc8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4de9df79c57fb3d8_0

Filesize
7KB

MD5
f4fdee6988190d3cb3e64ce77737df86

SHA1
3412aaebd3278d4bf16357aac18dc7849ded72ce

SHA256
df879c9e67eee704f6dfc69cd5222218da3195faa3e406b0d42dbc8ff04d6f9c

SHA512
30e70a997dc02ce77df10aacf1395575d6f62c6a72233c29db6a652ab79e1f61c3e47b2f94d29e5011b7cd20b0ff39b59c80137834902bd2574c82399e5ff63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
83721fa0b7edd3c17c3c668fea07f8d0

SHA1
9afba7fe9b59404e29fd3cbecb192bf290a4c16a

SHA256
94a8624e461bbba4d56eab784ad4222325a277c85b9c775549d066fdb1f05e60

SHA512
ec2729c73eb93935dae3cb32870ba780259ff5fc0459a221189e7e81aceafda9c73c0ba12ead9cff14c0a9ecd2f012a90425cad61308d481e1a5577acb398f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
5d30c1c7821380417ccb4a759e581a88

SHA1
f2a996c61ff4c2e14a15e2f2c4fc947379ede879

SHA256
b367ae05211135eb0fcaa5bab01dcecddb572ba4ccd1e9fcdd64fbcca37c1abb

SHA512
3e229e9c0cd59951581b9d9a4c1ea2e4e99fb813518ac0c3ce7cd709b93ffe542faded979d900f368c8d2fcea38736e55dd807db7b25a5d3b5de5e43cc8bc7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
3bf469b86e541d6ddce0aa89cc817ca0

SHA1
d6a063940811f7bb9238b7f56b285770045e7388

SHA256
73618754629b808a155ee79669071888981c97f8ce040e82e671ee280b277c4d

SHA512
332794e5eda29444b2a7a4fbc10be1e16d9023a09c821409fdac17f19141c07a30cd1dcb80879046dc98c0cdaeca14dc7426be7578c0714c750214978e8e1199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
54570cb4109e654b08fc9f22d5559ed4

SHA1
92c652ca88da81da0a9dedadd5651f64cdffe9ad

SHA256
f1214924eb0c5af96686ed92e156382d6a3523262e15568ecddb0c3a237415b7

SHA512
8961c72db8839602a927ad196571f84efa250394ce6d443ccc414259f6d3853afcc2a352464a563b7f7f246ac0588a661af8c393cf9e992768a1cf89b98db78b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f1d94d5862e00f1_0

Filesize
11KB

MD5
670a1eac93b1d3f7d21ed6a90705eb51

SHA1
7e737c1b56197f32a64f7d8d33548cd799b14bc8

SHA256
d3810d7927d8209baf7fc8571b834f596af7c15fbec324a3e5d4d05a0bbcdf93

SHA512
4a448448595992fb16b9d3cc45336a342f435df917a103feed5a48270528e848685e5ddd9ed4f1accb3345fb7a10b2975e7cc415992cd76ae8a59d40e224be08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
24f308a431d343d2842731e8b959aad8

SHA1
bbe5fab8deb95f1a7ae80eaa1929577f2844d236

SHA256
fdd158c17528ff0827411bf9abc0c125dd2a058fe1f71edd19ede264ecace0af

SHA512
28ceb8f39ed085008ae0ba0b0150eab09aa0ce108aeabfb90fc81fdca82e2986b208285a34b14e813f3e7dbd6dd168207578ab20937a007a766c400f397cbbd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
1988e03669b2d3637ccf374a98b25868

SHA1
e57936ed1245ad361e08dbbbde9c457fe2358474

SHA256
90956fd87c5b4713ad16a134566f49ed3c6837ca7f106abc39bd05253c8e963d

SHA512
d12c1891433cf56b01a00899f1c437e3bef7a357bab08af482b7b3c74f478632a7ea55a65a81a1e24bd8f4c1107f37f28c2e9ffeabbd70ec09f58175920aadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
48f38033d06dd30f4c618f94e15aabb0

SHA1
c7bbcbee0f6ac5160be2caede37d06196a994e70

SHA256
340d3a341bb5860d9cc94859e7fb65a18decbdbde08e6eec43c3db3e353c90b4

SHA512
5ca0eb131518ec0e7d15a237bfda908a0b6eae20ff11c28599aa7d847c031daa54026169455912accfc91b1e65d8b2bbd42f02caf642bc06cfe994cd9eb09119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

Filesize
2KB

MD5
606cb8d286fd6327591610d34dd878f5

SHA1
6a2bf382c6822edd378b40ebf07b59b10ebde53e

SHA256
f02c87b9a580230561c20e11c36337fa63036add6e6f68778a4368184f2316dc

SHA512
1d351d41b9cb13a5c86f993dea1db28e82b0170b848b000ec09516ca11ba7affd6560443d320527ecafa183113d5d4552c8ea592f308b8ee3ab5577294cee178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
3KB

MD5
55bae12812d1bea1c89d4601accc59c1

SHA1
ec99905696862859fc5efecc96d9d10589a81950

SHA256
8f05a14dd6575e7c25c80200db07599a49305371faaffcb30f22ff2e6597bda0

SHA512
98bc3c5374c1fa88e8ce07e21ebf67e218202d072b7919410f82ba9ec491fcac6b932d4357eaaadeace077b0886c3cb8ebb0971ec7cec0b6d15c73aef78f0f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
6e74d03b959da76bab696a9e8657c34d

SHA1
16b1465957ca81b76148cbe41132d66177bc3d8b

SHA256
f53973333afd30e8e4c1c81822d58a57450d58529c6565d8a0a8cabe0ea580e9

SHA512
8b3cadb8a8456cee1636021d7dc2098ab19693f0370dd24c37494ba52ce09f3f64b991e9f15e8c40a6d0ab7dfdefae8bd381cc237b7e9f59d3ff39283af5b472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
07a2427efbeada1d5d3e717c4dd652e6

SHA1
a8dc826788f4dcb8e911a237a39bba85755b6ed6

SHA256
80cd9067b0850a4dd0e26b5a83904f520d8968444ec6cdd20686a5668f8821f6

SHA512
b36b5391c60e23f278196ec56e3a584e1512556a100ccf35923ed023b1eb3a0995ff03c56f5c038c4a986266d4ee4587834a01ae72a2dbd3324136d3dc785c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e2f3d5cfcb3712c_0

Filesize
13KB

MD5
d4304515a5846c1a6695f380fd27b76b

SHA1
259593bc7d028591a5b45ef101a570ca8b6abdd9

SHA256
5962fc3cef503fe7b7c37b72b8c90deca278d627b118431807de220273dcda65

SHA512
25513091293a7d232ad203907dac44f4c4605b95bb2a197f2340a24612b5fe9c855fa40b75aa9a654561f5936d6b9b130271e205c38a30dc45930ccacbeaca92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
5KB

MD5
e0f7df694155f3aab83dc9a616b70728

SHA1
d877c0df9290b3830563a9ac47e95ac4047becad

SHA256
5691c2c5b381c3957af14f8c49ca47929806c0f07dd7750cbec817486c92de01

SHA512
198cb05497b4ea5aaa62988e4daeba2b573bef8aab0f8470fb8424a909a6451494cebbd72ef7838147a32d865733915a1c0b6d6744ea85864bde83504689570b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
a895f60a6adeae0a2984dfb77a15b297

SHA1
2c0b1494c8e65b42cf3b703239059aff066eb76e

SHA256
54ae2c739643a7de3a89c9b8b84bc0fe1825031211ac88bfaa148ad58ef0491d

SHA512
fdb7797a740e56a3016a7ebd191fc5195941ea5e98f2737851aaba820768a3e23f0276a169a9aa30c4645808add1e12e32f95f018a46118df94232fe818ff1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
b838382c14db64bd41b54d9abdc8426a

SHA1
17befc3f49f9d2aea94df356da9cc881c8477eef

SHA256
2a1be52358a594081c9dc6c8b0f20907885ec88db868082c1469fae5d4a6d1bc

SHA512
4b0f6134a8f044031d02b6b0c6d4d67f3605309a9c77bf33b3e5358830bd3b3656e8c9e6c9d980b665edd9c3714e35abf9b591fdbf11978e1489cf4d63a992c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

Filesize
27KB

MD5
a0d1b41caf084643c8052f2166950902

SHA1
efc255085a7ed3e12014cd941f5870093f84356a

SHA256
ba4f15862591c3f6fdc0605758716f98bc2a132d791065c2c765b06aaf24e5d2

SHA512
d733f8490bc3744662a6f595f358fb9524721551d1847dd92798bcb99cd8b134bbb936d6ff48c4627846d22955721a55364f58cf1bdc7903b599abdb90a066a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

Filesize
2KB

MD5
c61311beb39c9ee28b684fc3a0dbfe96

SHA1
93f931e479653999f3ddd5e383f3d7fbc7792321

SHA256
efd3c775a9c76ff0341af78fd3c5c84d3f3c6c9b614f8c433c5d5d72e66dbc08

SHA512
134f7bb7df0f6dbbbeb65aac8fa9f535dd61b8a30b50e3bd237c6fe90356d3cf73d703107916b04331c504c85943e2cadd317a3727370502a106bde885fac87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
64a145002376d81b5ea475f145ada6d3

SHA1
d7f858b6d8a98f5e7438e2a45bfb6c0e74d89823

SHA256
06fc820a608baaa9f590ae6bc00de1065d56ddabd664f35c0d53c23f49dd4299

SHA512
20c7b195a49911578a6ad3c091d96e76398c3b22ab6f005dbb8ec54b2857041fca11512b2914efbebd6f7a96d457c3b47c493d0d244e84dcb33e2844ff7133a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d07dc3a67fdc3b2_0

Filesize
8KB

MD5
835b7b34adbe189a345fa69e7f16f741

SHA1
36469a66da235f383835c5a62881b420574278ce

SHA256
d1f018a16b4a8157a28ee34c7f2bbdb6cb528c1b599e021bb55dbd68f1c1d83e

SHA512
ae01280234d9fa8e259fe8acb2300f538f3b6fe869781b541e59faa5b142e48e0bec0497479f0c6992b3591883bad5be9917a4e549748401880e3b5fc15a67de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\827a381adfabe2a2_0

Filesize
1KB

MD5
615ed13d3241fd0e89f12699784d2bbf

SHA1
e6fa52a054b992c2e0b70e688270445c99e47938

SHA256
a6c1a8de021a97df0a6d2adeadcf8fa9b8532748779544cd9233e1ee1ef718cc

SHA512
ce2248e17153cbf3dc7528018bfbda6bad029b7723fd845981adf6fd3a4f2abd5d66f5d6533b4633a733ad8623de8b14760a1e1157b0a0cf36d3ee819fefee65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8551150be49776f3_0

Filesize
3KB

MD5
00afc7d0c938def491b33d8aa9402211

SHA1
f22e008d494adf5125d3b0760cdba3383c7b2345

SHA256
740048a45f641fcbe7f36355fe910b84bab7ecbd2f3ed4121713f582bc06f40d

SHA512
299c759246717e8349b7744950bad967b05b444dc9c2508975664e0f19a005f581a6ed6b87b491f5f2fb143b09a4330d1b9dd861332bc58d84ac0a86ee1c60a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
1adb9f697aaf05569dd4566b0feaff9d

SHA1
d1ec11faec6150c94c8b5a8c2ef97b140dbaa12f

SHA256
faf121a26b7fd18b62f6cb202053f501648d941a9f5c56d8b4dfeba21c9702ee

SHA512
fa86f78a4132a215b132ac3f9321b1b2b0486d9bbd6c578d998c137d1db2cbce6f970b4ef747d47711fc9c8b76e2f90c7731043e10de533c2e8f7d365e65e2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
f677cd471670f41b0d21f83f10bf0aac

SHA1
93a575a0bf21e2cee82b2c5f4361360f0a1656eb

SHA256
2f7c8def62df330962bdea5d557a30fa64775e0d77a8c52a7342854ef4ff720e

SHA512
726387f3583630fee63abc9b529cf3eb3d96a95a3774a4748eebd4e875d085ca7f279df9a3c840eae1d2d80e46778a8a71e98dd6fe88181913cf22fe8167327b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
3b0f38b3f2b6be683ae815110df11a11

SHA1
4ad39730ce971dc4663f44d9565ef3e0991f719b

SHA256
9bb5658e544b703dc8242e88dd15b4949e0bd995597e635b67c68196a6a8a042

SHA512
cff0d8ac0ad278e4a34845fefb9cf8d4514a4a3e287f9a0637fb702cbcea3e9eb50a736db763ef450f41fc81e90fe598dcb0aee50d9b4cd9e8f033b995dceda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94124545ff7315fb_0

Filesize
23KB

MD5
e68b93e05c54df49f59ac8e7069a9e1a

SHA1
39cb8e8f75656a31eb6c701b20d6ff0525c972f8

SHA256
4ff62a7e92499bf93b1d48ef6b2a66b948cefec2883ba0eac2253ac2085ab7ab

SHA512
b9865df066d15255e040869762fb748d4231d3918e2d507ec5ae8c747fd1706f80398f5545e47e8bf1c47e2fd1c732f682e4c005b0873b4bee6663fd63ccd8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
f15c58cb9ec2ad262da8b05ea2566158

SHA1
8c74220aef95695881e206ab60b8f0a61b342d61

SHA256
b4aaa3a14d6a64ac6469fea2ff4e7634a45a0a16acacb8761efe8aa530d3cc5b

SHA512
bd249744c6d05ba85a012c7306138a6d8f5cb8fdc5dca997005c8dd819290114323a839e066877a1e253c2271b5bb2a8df8f8dc5b6a17f2b2bc0460d139ee6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
03d1852eaaa5c9f17a093e500574d690

SHA1
c6430eb4f738abbd78c4ba5d0c5103b3009815ed

SHA256
276b8ffa27d2a69acaefa7b5da5e2f21f99e970b570b5e450d514ed2d25a0a02

SHA512
8bd9078d993d80f9bd7e44edcd6408d6239b848fdfb987971078c18c0b15900152f5a5ca19c39116de537b8255d1080f853c80682823278d3ac2c4e07e088f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
4596599a6ee8793c42b346545835fb81

SHA1
06ca669d6a63003c09f2b8697bab64714f11e585

SHA256
41a75ff24eb9cda9e8d012a2bf115f400f78e7e7b0241b4383fee64dd8896514

SHA512
be770ab3b9e19015739805ce12ccbe6c7f654d082329696342338f31126a7a4b4268bdb309c844504e27b7325a7565898710e4d6d5823308a25a951cc89b4a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

Filesize
2KB

MD5
e31e11af7b782dedf2baf6e62e801fae

SHA1
3f9fe4750b0383a372971b06e6137730cbd4fe69

SHA256
5bdb1d1f48ec9adca04044745ce08f7e04352ed9a619828f47beba55ef18c88b

SHA512
bf1565fc1547f9ae3e2195756ed624ee4a693bef322800799300e4f2591b2b87f0c8a1d3fcca0e031f6ad15e91672dc1cceddcf7f07fef3cc8617c6920d36d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4a1a8c8f776f817_0

Filesize
291KB

MD5
cbbc46dd480aade51aa663a604e5b277

SHA1
eafa6dec6e52f126f0a4446fed0e6010789a8072

SHA256
305a89041bba91f4726990fa0b6afaac17be513cb7b8f66fc8ff46e1418e0f94

SHA512
e9e467aac5f25272b5b6ee6a9c441515e8bfc062da3c5087e98fad2cf86072451553a1732151d6b6c4c7ad80c248c13d63ab4ab17359fae1dbe48219db299c8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
40a5b7efaae35403fa82f51f6bde0582

SHA1
7ed2b983a04ed8aa8578a0266a53a4a9246c00dd

SHA256
bf1fa464f9966476ed055c5b16cac9372c9d0fe59c0f4950ebfb1dbaa43d3f21

SHA512
059b2d83944924e8b62e378fdc7d6bf5d24c439a64071c59fdd7c621c8086402840d12066063e57ac69eb2191ba2d060cd39c7c592079033ccce90aa35e1038f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0

Filesize
2KB

MD5
e16bc0e2e9fae30a5446916bc7ed6112

SHA1
b480376c5689d9556a26139563b304db315acee7

SHA256
12c66f22c1dd3abd667aff3358d6403d04d2f6040345cee6abbc84baac29d6f9

SHA512
c1de637ec874da4580ee15e3f22a80041e4dace4590f2005e635fac580d787ba2e33276dc75e15a03160b6e286ce080cb163f5f202c93c08856b898c0862b45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
7983281c72208117b429590723605acf

SHA1
c615000d85561e3db27dad4984f1713525ed0e95

SHA256
4bf7ed8cc853aeae64b7027016ca528ba632a1ef729447f35c07473ba6b94b3f

SHA512
fa3d45b8315affa50d673ebda4acbd4a03cccb31e5ebbe9215a9a2b70ad44e197f8c1dbc2f360610a592808ee1890d4594cc56fceb682c8ad4f2e8d6642ed7fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
cc08e8d243bab8d26c64a644f3dbdd3f

SHA1
2ddbf8498ce9094977d2fb8e2dbbe8377375d03f

SHA256
262ca351d421957e7b73f4331df76490adc6e753735af587fb519a6cc0314109

SHA512
da170e7970be8c86b0014575a58cb8e55be0c099115b9aef6cce9f90d68be139f3354f8ade9f35e950f3c312393d9197abb2727585a1ea6ed5dbbe484041bb26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
4b00afd16fc1b6b724c1f4db9b9d73a7

SHA1
aa61d8542b8736db29abef656fcb89b0c5206c3e

SHA256
8b35bb28adb510e488065606c3ef45631985b079aef1360f7d5afb3f2a3a7ad9

SHA512
c0d6c5d0d2b539ff35f5eea3af17909ef43822121af16578dad82cb650865d0d5340816dd52ff2c66488ab7871f8bec18f82d1db8e4b1ead5cdd65967f38aa69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce710d4a676439ae_0

Filesize
75KB

MD5
b39f95b19bd574aaaa37adc0443247a2

SHA1
49a3ad589156bbd7bb6de0f1cb054d346c3278bb

SHA256
ac382a2a1d5c44e4e2dda500ac6a47f34255fc7fc078c8e725d0b52034eb8428

SHA512
bd0b6f77d991b2d191a28ca43ba6cf4b3f6afb29459108bf799425c737025da66c9eeb2f5ab9b9051646507d10f443bf6919684721723072c0fd1ecc5b64a20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d23c5885716d996f_0

Filesize
262B

MD5
fe9ae160c2166b8abcce1f0c88f86363

SHA1
cc4de5d604e3667e9c22775482bf16b011907ec7

SHA256
88d75307d4f3fcaf39e19f93de5b8ee00c84040b2b4a254d09d124b9a78611fe

SHA512
a1696747afe706457f150dcd2df5f995d1c6abdf9063af32e478db5d36603352ab33e7f0287ecc867fbb47c96ff7c3217d4dca8bee20019c18bce7a2559c2b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

Filesize
2KB

MD5
6f227c6b520848b43b033c501771367f

SHA1
eb2d426b0da4aa2139f9f7d075984d8b8ff3c7f2

SHA256
bf4e305a7669d96b193ea4de7a7d07f4769a40f886678c4df46979803d4acdda

SHA512
87ead4389a0114cba8df62e8a67e8069ed15c3e0aeb4057f341922c2e7d6680419534d0f6d5a885e5def0b7dcae665dddc132c413f234c760173ca6e4beab2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
562d2967b1eafc6c224f1f5a3ccda65d

SHA1
29cdb776035c2a479c034c79a826b1ea097aefcf

SHA256
0ca031e44df8d6133bb3c4115fb7f55c3127576814940fe436e59ac181aa6fae

SHA512
0139b104dcc993081291c3fcb715fd8962f196c59feae531ea3e7e2a384177521c66cbd8ecfda3565bcde24f18c961b8c8422a921a85f5fc070ef46f9794fc5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
28KB

MD5
dec3a69855444c5f3f4fdc4c28dafe5e

SHA1
55b959b5176430523903b0dd8f2eae21cb114114

SHA256
287f1acabae7724b2a76edbfbc5ed2447133222d07743e39cbbaa5d840e2c43f

SHA512
797a837311b02453547729f16a162b0e30517865fb1cdc6f4c29513c0357c9b31954fb45cb4e961645cce2efbe12b5f47caffdf4d3518125cce5f7eae04f44ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
ce57a07d7124c5619131706a9f62c207

SHA1
6caa839ed7230afdf888bb4cbe097ff7c9d02dcb

SHA256
904089426eedf6ff569066bf76f6e526d617ddbeee9132b1b5dec914142fb3ce

SHA512
0da7854dba1008fb56ff7825c8df5c6dba12d447a38ede2ce4cc3d76231b3fa26c6cc5c8390b8c3e22df07e62f4fe090c7bfe02803ead2ee01310d5f2f8da2e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
48KB

MD5
b5e736b3291166c1444f197a3ea92927

SHA1
28a17d59aec39c0d209354b38be8f72ff731b842

SHA256
fc27da1e1625bf58ae8b423e9d42eafff054ce7da41266049acada4cbf83f57d

SHA512
ee73d61403c88834977259518fc10ebc6d9e10f957491f34159b21083f992ee43e2f16d3334ba431cc54a964f79ebaefafa7d6f1c68e38ae6ac4964e9760a928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
daff1fdb6587aecb43b7cac698c3294b

SHA1
acc63180b72f46347b5141cd24c21784010ed427

SHA256
665f5a916ab85f86b33d64fc79d18331fba20581e7fd6c14801a504435545184

SHA512
3d76dac8523a86f27565ffae6ff548c4bee432c3ed59430f2c8fd86014ec17e6addb219db9aa8949ef9c724ddc2aa14af93143051a9836fae38e3dae8ad33b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
26KB

MD5
5904ebdf2695694b6676cfb84a9bc742

SHA1
17053d6579210ab24ac9582b99094f90c237c17f

SHA256
8094d508bfac87e4cba85d884b2179212ab37c46386328cf13d4c4d833490299

SHA512
c093e056a1ab9140ec71e7ed3e445865133a12b2f3083de2a82dc1773fe50adf9a78a78cba63cc6d439fdf3bf272ba37e2a2fbfde977454b0d9dc5ef9c30e0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b988ce896369f80221b784195e0b43ac

SHA1
faf8fc0cfe596f662ac2083177848ff40e26f629

SHA256
b618a7ca9b5cb412efa6fdb3e1668467fe128936f606879e0df60fc29acc6468

SHA512
759622562c48fda636522639de34ad824bda82bb4e37f356b617e73711f8ddeb29b3f87a683465c70d1b967f2e5df8e81a114ca4e632a5c5e2a5123f817ff5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
885a07ac8ead080444b2b7663a7a0ed3

SHA1
a47ab795e9fb769cb98833421d2f58cd7c2ea16a

SHA256
bc6a1342d21ebf2b5ef16d76a9beb2fdb230605e601abd42afe9a6d6ba35694b

SHA512
2a9ab3647901ec2ee3701ac290e579477765ea26552fa2a564f799dae9b84b426c43e9f86f1ab4beb0d0b2a5897982dd25f15b9c6f38b17dfb360702b0c61a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bb2df495d3b07d1e6125ff0e9c334b72

SHA1
9cfc42a647645bf1facba856eb1ec1a31087541f

SHA256
5957041a4af2fae5f98fde7d7ce6d3b784a2c3151756366426713fe021a89cc5

SHA512
09860a91f1b25648d4596d843395f080d8b8c96d750702e80e7982099548fff2372282f67cf337675bfc1daacf6ccf6e5c39e8b46d7c716d0a30946560b07260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e3c91ab88c6b1db30131187860b87a31

SHA1
2c130ee4733e88b3ffe3e597a83afce358c8662e

SHA256
ce72f501bd52c77145420d886bb0e4685f9a69c9f1a0d33226b4acd807bf4bb6

SHA512
e6ea608582ae8e04d50b66f4cf4a742be80581ad0a80f84d56ebed22bec82d5a3331a2dabf0becde1c27af2fa1f40d4ca11feba170ef4d89bdaa18aac56c371c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1e43a755330139567988f4a37400e704

SHA1
76be7b7756a97aa76ff25698372f4c840be106fd

SHA256
480129a4d18afb259464746744b1d0b6acad184b6865652b8e2ac14666973c5b

SHA512
272d5ce309dbefdc59e78e7854327d8eb8def7ccc028e9a9668bee8e997cc31771e078bb1c3e825b648382a68f408561335025b097b7b2c8f12029ba689ae57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ed4db30d072a5810002a25e67f21b8c8

SHA1
b7fa2f38c4ca4244b2dc7983641e62d39302f225

SHA256
7bb8516c9b42debbc897a5fb64e14b5674cb873bc558fd50e6bfe2b2a95378bb

SHA512
8bb8fd72a6ab60e8146dca76fefe75ae0e3462317731c5e871013aaf0ad9357d0466a9c3bed157018f769370dd9bfbf6c4885f51682318c5e441ed09ab1c4810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
6c2778207209ea0cc0d956183d1cbba8

SHA1
94db5a6c6489d8e0f33a1f1bfa2f0db578c16675

SHA256
c07a926a1c2d4fe654aac88fa83f615f4e518902bba14ad08b59ff99847ca7ed

SHA512
a19cbfb5b3ddce100b5577d79cfe6f72897dab2d5a5e7c7e9ee60f87a8d518701764a33058e15709c52e78ec6fb93c0eb1ce955727ffac999026b1579892ad51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5e4605ea6bfaf28aef5e825f8eef47cb

SHA1
b06a6eeb0a92dc0685c611a9d73bcd9cfaf52f84

SHA256
8a0a86b22262a14554a3e6337dcdded9ca3f33baa0228bbfe754514c63f46ac7

SHA512
3b0585adf6503670e4e07633f816788839894971386e2b0c0c34f8588a74f5861930df58c8f216dd2281e94524e1eeb6e60fc39219dc9a5a79dc59d9db072216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
74def91a787808f4775b50d969884829

SHA1
eea0e4dfd6cf6f3c5110c8497cc14d70cc0cc370

SHA256
ab37aaf3e94fafd3c84707a2eda9c119ee34e4071914818a245f25a7515618bb

SHA512
43ab737a65e97577e1e21a3a34fd1a4c675e89002415cde867e2204c0423aefd991e5d8da30e622bb8e5ad541692cbd07b7ee62937c8e24f0c745e135df335fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b74370c9a24031daacd8fc83b48de4cd

SHA1
00874e96f70ad9d9fa682ca501b41eb0809d1cb6

SHA256
8525b497e11fa120251a51a72829bb2e016a63ec27f2f0295e373ccc123204d5

SHA512
6fb6c5c61170fa38a2e8bd3c833439f6fc58e98ee9b3a479194bd0102f13d2e8076ba5aa654a8873c9bebcb7444ee62c8c1124f6e0e6fe4416ac7eccb70dbf28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71ade6757262e670c5df080fa025e9ac

SHA1
f18882bdca46b187926f1f3e2329cf7edc13bf8c

SHA256
3051a8b8a34c3e87900e505234aed9deb85d371f4e9047b7b7542022f0879ac0

SHA512
80059b8145cf75ee661cc6edd8d0a6acd5a3d00fec0e5303b44394d99f046b67db13398f44b2edecbf7d68616548ae50ed7ef1e87fe024298f4816ee752b6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
256be8415c62dca55a01d097e5d6aa59

SHA1
7479f89b61fe17606b95c180f695c8561cc72171

SHA256
8f317e620522d3f30d91d92a429979e17fd422fe42b76239fcfefded4ab49ab4

SHA512
b44a2458caf6463b5c8dd0bd6c84ef7bf5bb1d98afef5cbb9c06a9e0cdeba62bfce70d7485d429882ab1177b349a51bd1e1d6e54002d998090dbac4f24044094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9c15b98c5aa5cfb896863ba6f698746f

SHA1
5b3a077c8c41d95866dff3f91f424f8858341510

SHA256
3d0c8bd970357ffffab901f416881bd4f25f839e0bbf8e0fd02f453c2a6db608

SHA512
eb17d4dd26994cdea132e3f479bd93f0a567359dfdaf59699059678c4248a77cdd3b73b4fce084db61ccfe4e20586b998446b36109e46634d0bbdf4e8953180f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
55a32e5d2aeaa79f67b0cc7667c10406

SHA1
6d998aef28d0ea54d12c8ea142ba3786e869570f

SHA256
5d5827cde3a931223d2e8cefdd4466e507dbbe555b39c63df996c23a3c8748ff

SHA512
1261c2df955f6aff06ac8893cd3681842f333e566ea4f25c08f2fe099021f46361fc85320f0d60a3a066c217074a7b72f72aad8bc9e9df42c7df5ebd1868f7c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
904cf1487b72d3712a0c83c2c9d29e94

SHA1
801d9d71df5e74362f3f6348ac6e4cf29515acff

SHA256
c28c7d8c38f25a81584bfe5265f40d7441066d0cabb02785db1190719091909e

SHA512
7a4e858492dbc6d5b0821e9f9d9fd6ac5c76ddc049d011b01b73f3bee0b0ff8d6fe5ea702cd8e32bdc5e36e15c1a2c5668727ba779be62bf425b3d2e6e11f748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
288f6ce3e4b6dcda6afafd3b9b099ee8

SHA1
f43aff909117a007f5691120c7a9613496ed61ed

SHA256
0b30f6987f132f2e2cefdee2eb59333300c549688a4ffa18066f668805582c04

SHA512
fcf26b2eb975254aeb3fddaabe1cfcfbfeb640a22183f7e12dcdea6cec59dcad8ccf864ece9f7c37c4f028e8a5432b007f4e7535818e40bbfd2c2ad60f2a106b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5ce967effcd610eb30bc0022e4bbe6d6

SHA1
7f27ea7cea6dd780d68c9fcb7c17f48c4f6ef2a9

SHA256
7b1934d8de6d145ecb38b594de2024f9cfc27ab1ee620015f74dd0aa6db785b4

SHA512
5dca96c9e2a7c8eef4cdc3ff4cdf521652d14670e2dd0103f6b51176b24d423e7462c81113626059f01e6b4dccad47f6ad16c19d27cdcc08f797fcd635f14d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
debbb3c04f752abb10f3d54cc18f4370

SHA1
0f34b9fdde9919ab4416d59e94c8fc33ec9c63b1

SHA256
5368a2709c604576998173519262617bd12f4c9d6d37d7796d5a12e79de85fbc

SHA512
193bc8d3f905c40cddb4f0387361ea52e7d37853fd552531c64129622330af536bb367e966c05e316936a78d7d6a546fab0ad161929583504d2b465a6bb9135d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9dd2987a57884fdee944fb639bcf4a88

SHA1
9b55d36fc3b0483209b1f19eba83f8fc85b8a9d4

SHA256
44329083e6c72de85e14fb74d81a07d5da69857e362c5625cb7d34e6851f37ef

SHA512
e603a0780ce625c5effbca4789c29825796fa5c505cbe01b258b0a3885df1e082686fa3336bab731c72e88f2ea22448e3ae2e822b227328cc90719ce070435f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
855219f9f43a65413d48ab02dbdff385

SHA1
449af05916af9019fc8f14586e86de534a63a3a1

SHA256
d0293da3aaddeef6d5161bd158b26f1d76cd3220c11c0218f12808bdeba8eeb0

SHA512
c1facd514dbc6fe956805739556a81d16671282362ee70f2a1912d4d09978acc1ceaab2d90196c056a85a4594d79ac3dc681748e723ca63fe0ebe054ae956a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e0061ef5437ccc8658345f095c21d41

SHA1
c5cd13cf4509ab18b2df39aef37fc693cff0e4b7

SHA256
69ba86e7411a5bc0b1b66fe114923aed214327b69c998f7bc7d7ccc664c2ea22

SHA512
9e3df761ebbc1b09c495e8241bb53170bab16f80a9b36e432defbf8a0150b51a7a51db83f3576a298b6bc0e401b94b7c9ab25e77579cae626d3662978e85be07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9cbfce6bd1354724cbec9f31712a0441

SHA1
2c1b44dabb84f249ba6c65638535b393555b6112

SHA256
29d8f56fab56115b08d6b6c6c6d9fa0efa60508443598e5d385f7e059cc575f8

SHA512
6c2958a6e69e5f7bc7536d096342db56f2f1c33c4185eb15690b5d9902bbac4c015a2eca1cec7e7b1d0be4419dfeaab0778c91bce1613d139e998e6e058343de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ffd25e69c99f142853804bdc6f681383

SHA1
eeeee3962229d577ce7bdd8ef53f997cfc897385

SHA256
dc18f425ce6fae499c21db78cf0c38400a4920c4a5556466b81a00491998937b

SHA512
1ec8325f6a7bfe152014c0fb087c4c5c3bffe0b394d325d692ec1dd87287fdee138fda2c611d312724dcf543fee52b47590e88c1303d30df964c6829fe10c8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2578a86f392c93529dfaba568e3cd2c

SHA1
b07bc74ac38a9143623dcfa807cfbf806544dc46

SHA256
4695ad35cae97e7c25f5a4267d9480c9e0e4873cd039483872c33ffc1a1d8022

SHA512
2de75a6e1dd0ad6d83565530cdcdf60d058c1e2657be8b7e4826e177d120686a00bec72406e66535c73b7afbc3c693e2d6f9eec892fa55e8a18afad60d2ffdac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19d088b02adc4fa85d18d7c96a0b6ccb

SHA1
643d69b765b5856b902999fafcdb60b6c10134ed

SHA256
4c57b93fb76733a10a97689af6f6dfdb285ab43351832decf6897028f8daae12

SHA512
f1694a49b9d029b5f110fba34dd4b8ccc217dd2d0429cc05a5ef9fc99f88256ee0d154a0bad12409a28cb65c38f9d52e1b24c6303dd684ce4fad046079e30bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e634054215dc5c8584d497189f113dea

SHA1
00770035c7143eb70b764f578792021e0fd83952

SHA256
ae843af375689a3abfd876b3fb09e1bd8a7ef7915a5db2d3122c5828de9a0140

SHA512
5019cdefabbc0aae0fcb75f3984aa84b8f65bf434e367fb32d537a70fc09336a2dc506ae8689ec0014988e38cd21e86e6abbc12b17e96877adf05224eebaebe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
dfdad09e4eec11c6ddd7e43c40c55d7d

SHA1
39cd1ed5fe980b45e0e685198d6b566080c740b6

SHA256
566d035ebc842a026adb6f2c30c34bd7f75ff5436712f090cc4b95d4e15f0b2c

SHA512
346c276544cad1e29c2aa952e703a5ecff42d961c714952678e4bdfd0b1ef9e6f6526523e56ae143bd5f7aa4d9156bf65cc05ed92d3c61e83d0d93da53c56fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9bc647b8cf06c8d9dcdf756b7c461649

SHA1
2c9832dc0665a1fe80a98859a832207b14cfb86c

SHA256
578a6aa14371b6817d08d440acdef63eb67dc0b2761e658d77be38ae213e7d0d

SHA512
14741ee52abdd3c1454f3430350fb783779e1684214591abfcd45d8eb155e15690cd06db913c1f363e7957659158d497e99e336d2258c2ef367033a8d0d5eafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f9d4f855c9837a99c2e2045d74c5efc

SHA1
364b72b787753512be188610ba2a8a8ae1e0e16b

SHA256
2288751fee970fd046c4f486acd4ea92d19ce73d47f1fcb6df96424be3a2989d

SHA512
8d2fee8f826432a92a9f04f0e2c1fd4493ee938277cdccffb35363c703ae44513c7423ec2b6db2d9552174282501b4095bb94691da02402647768d85021d11c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ce054a4b9abea4d2a877ce937f78814

SHA1
1b4c43f80009d01cbae9550cdbb01d2b13a1cbe6

SHA256
b1475d7ecd2c99ef83f9cf1e0912dead65d0f0ae3450d9d006177f86b5c567ad

SHA512
d83f57ce6c31449773f9df0397315e8de67f163a3ba800e08f405af223602976da4de25595faf7438d51b832c49520508c572a16b7b45078c429cc666dc192eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
207b82de8c2ddb710310ec9f4a004a3d

SHA1
40ead508f985084528ddab95a702901c3058f01b

SHA256
ca2e52bc9f098ffa489239f420329e210815fb58b1e912640239b4a9ce0f9c20

SHA512
88ed6bbdb13a54f7ed515545f95e59f1f3b91ce4e1c8bc9effe47f1a7eb4882a3d3d44e0c7fccbdace0988b066d5a513d1e25b98e6bc2ca050be9c134fcb27cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\3c329d28-8964-452f-8d69-0dc6dffec334\index-dir\the-real-index

Filesize
11KB

MD5
27fb687a569b51acb452f4f26b9bcbd5

SHA1
488714dc4fea37e3251de88d9baf0c0fa0ce117f

SHA256
091ee0603c583c79b898bb32326b72195850fde05435653a3baf54c325ef0fa8

SHA512
c7e059d57739cef9c21f20e0eb5df8cb2094307cf6eabcfe782b8e51058650956b79d33bcdf1af420a019f1e1ce52d4da915c40ab51c4aab2fd3d4fd173e7527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\3c329d28-8964-452f-8d69-0dc6dffec334\index-dir\the-real-index~RFe63a55d.TMP

Filesize
48B

MD5
ac2d40069ddc5fac95447bbd9fce2c1a

SHA1
6b32f994452ecad591c2c45aefa290a3cd9e2feb

SHA256
5db52944ddd11d96b2fb0b071fc0180ec46f876d9442d16e271a38901a419271

SHA512
84608ce0a6305792659eb93e39ab7568aa7dee47d3a00c8e9a2dfd8542a32192134155a41f7e69f3827f5c6e1b4dcf349669da422612a0654b3f026fbd44dffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
93B

MD5
5bf37cf96e427b998129de3ed2c204ff

SHA1
badd60f8a991ea9e879ebaf6cc53f78006ab7c7a

SHA256
390f959c2e084a4726baf147a642b96914689547b17ba330045ce42673f909c0

SHA512
232b626f8200863b23705e410340083a202523d655b1f0cc6d3b4d4ae232c6994e7cb2c89e3a9a58c45159179acd2f4289aa5aa22c3d6141054a338925ec45f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
89B

MD5
9e3298006dec3a081887d86eb527a0ef

SHA1
05376560feabebf6954ec6b89d46168c5ef2afaf

SHA256
8e1e53003a4f951cab8819c4009c7a73c875f0a9217b3c23bce98a82931af777

SHA512
344409d05a9e3692e5dc15b3d721ac7fb144cf890515229f513c15addc9782a0a38468aa05799a80dc247ea7358285ab5ffad4af205865439f0a41d3c47e609a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
363dafce559a07ae1d4495e5a57df212

SHA1
4cafb45c644e5178547f58691f05183cce5d41ae

SHA256
9d78ed5486fcd523680787e8361e91b959f143fd1233159fd85563db3518f57e

SHA512
282d49905a3a80448c115536550d89d377f335308e3b4b167847a11631ffc0b68936671063bbb56785972dc75b30cfb81bb1d5468647e476a192387458b6e193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe632e78.TMP

Filesize
48B

MD5
c59a1b7d0439a3dd0cf30eb57fd8e170

SHA1
96c55119436c463bb654e494b00001cd2854f4cb

SHA256
e0fcd2a7c853aa0547339c497c270d4d96036e25f790281e8dd4d7ff864a1c35

SHA512
b08ba6e37f44d3292eb8e179a1d42a3eca18a7a6c8569c17344ee1bb8c4521489dd0c9cfd70bd0db0936d27ceaf9740d715b7b3c9dc7127f7176b65e8ecd3399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fc30cdc8b1be6bca9f1f3ba5481fe909

SHA1
29b7c90b47f2e91b7c609a52fbb558c48a59b174

SHA256
d3c02d2f6fcee43bdfe5c259167014b4e1116b6eee73b8a7af9ae90100fda6c9

SHA512
6326c6176dc8eeea8a19e6c328c3ca37a3f218b7f63efefb7002cdd5936611b0aeab8fe73a8e32d5d3b85cd94dfcc854f2c71f9207e7af1220e457cf9aa6ba78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9eed7fc341730d1f870bca0bce39a7ff

SHA1
ddd20acb0ebddc25276d781399ceb6c2d03d980f

SHA256
465000ac9ea8658e81f931e3091bd8b027d6db4a98b32e063d86b4e1760e237c

SHA512
1576f06c2cb5e384b76c92b214e84d77eb409caaca7337b3db6218225096d4485cdadd2ee0dc5fc482eac9375168e56f8c78c2b23a73047c0e0c678f78c36678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ec39229cf84c7ecb985c557ad0978003

SHA1
a8e66cb9380a795cb6f505a736ef740db2368f01

SHA256
9af62a1f8daaa0e55bb0cc54212532313afc83920669cde0be55e7033840eb61

SHA512
ff6ea7e254a7e504ab55b0ebb7f5549c0e6b79a3a397a33c7e9a1817d093f29312acc643d49e01208880a87a1eb1bfe252b9dbbcffaf389434a9c803a0dfffba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
815bba0d42f52756dd1c5e797e14b456

SHA1
f5461233798e0d43fb59c448e81b38f7771662d1

SHA256
cd5d2b11c3429fb7ba7063cd24784e23e7b4fa1662b0d93ab6d04cc0f932354f

SHA512
0a2c16f064c5ee8c8a8822020c9ba1f146c913a58372aa31893e49ab4c4a8e533deda5132a78dc8d329e7286a6c06eeaae2d4eb52bd7ed4daa72564944939b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
fec714fa9212fc44ce48b1c619bff942

SHA1
f8f16bc1f7fab1226978ea571c6c425d0d27c3e0

SHA256
5e2c5744e657b4ea022c6c24150a0695dab980d016825af253caa400e0a949ed

SHA512
dcec62abea075ea05c680c39d3f2f666f756cc59056a0990ea0fc306d9b5b89824c08239ad6ac247ab22f875ee26ef11e008511d926e1b24bc9fe6929a2b491b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1704f68472090e3b9c45625a6cd159d3

SHA1
fd5e46249e349389d7497402bb964ff35ddd8c86

SHA256
f4b52597999cdf9ac78273b33f338f106ce7a372fec580d21f90e12f835a0e42

SHA512
c4aedc0486b1877dc083a731eff05f0a83c5e4ec1abb2d16198df655fc91b7cfc6bbb582ac2b06efb064123598edc115f32e6ea942ecc75359e92c20af739f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
b4f979b3ae6a597c98f6a39180768fdf

SHA1
a4cde1634271fafdcbe0452539774f735c4ab1ec

SHA256
0c4eb38e46a44206f93f7567edd610ec98292d86c25da4b6d18f8fdadf9bb84a

SHA512
d2474a1e3a246da8e0801e3f570ee4b55d9e2eaa5e6951dc77b60280b4c51726029ca5f6a1537c6fefe71220b9ca2660d6126d6ed61dfe053f5c5c762ddee450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7506fe59f48793fa496a23afd0a0389d

SHA1
fce841c95780b42a240f5466671402403bb76ea1

SHA256
f79a35b30e8bb54c6a7640bebc90d8965749e51f05bec9a208c098b9e038672e

SHA512
793171aa6d149dd05d76c67a202bb93812ae866cfdd1a2f8c2852cd7a269059d96a8f8c4e7d5160c15775e2f12055f8a6d105c1f23930a8ffeaa600f2255e2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5a4e6c11fb6d210071b05196f57e24f9

SHA1
277dcc69f879ce51103e35bd7781cfe2783d48ae

SHA256
b2313f132de92076d9c67004f53588d1b15531651a3ddf12048a48ebcc0c0dba

SHA512
5ee637dc73e7e71a598d723a8c5502dbb3340542fbba50712dc18deebf553d03511cc0de385e3c6c21e944d6a614142dca272d2a3ceef89f4f0a76bfe2bcaf3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a0d4a5a6611cd1b716090a30356b25cd

SHA1
35d5bfcf7ffe407011f74fb7032146f9a460478f

SHA256
b838453e761484d68df07a5fe559438eca542c670680b3dd9b0a0736ee8995e7

SHA512
61d5eeafa5228e8ccd16595722547ea005583162b6d0c82091d09d6ef0798e595f5754731d54a04e21aa24145055f421e21c7668f5ff51cfbeaae8a77a4655d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
fa0dbbeeacafe8d1b888d18c9cfce090

SHA1
0c1e754f524e6e29c6a9bf8308576455d81e2512

SHA256
da9c5fe8e97b37fe04ed6d6c0d1339674fa8639c315a3d6755942741bc6e838e

SHA512
cf0bb2ea76bd2a697f3f72d63f0779fd8db21c1dcdda274bdb753e16931deecfd1f4ba4d16765a3750cd6f1704070132646f06d0d832f89dabc382edb2c689fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
1072adfbc026467fc0217bc980233d5e

SHA1
c05933a8c4c560826ae304a438b6b8ab4cfe8cc3

SHA256
6ee0bc32cf0c7045452fa8248538a573293cb80839de0a4eb4b56c03d2fd36ec

SHA512
67f59cbeaad05215827b67575ea4fb9d6757c5dd1165660df4c78920a8ab4ebf7fa242e2885ff30217cf33bb22071348930ea74a87ee637b47ef38324258f48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
47c03b303b707f72b3379ee615e8f812

SHA1
65edf4dd5a148134210b35f61742f0144715ec16

SHA256
0320f84f5fa1e0fbde74015a0bff7f6fc1fae06851783f97ce8d8e40a0eb43f4

SHA512
806b1e289778b78957921fbb44f95153115e5e1beaeeb7ddb0e7464118afb8090254de84111cac3a5c0f0d78280555446e8141b0c241d138dbc5b9c5730d34db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
240d002ac64137be99ebfa7986320fd5

SHA1
4b52815f0a7b4603039f5fe6fd58a19869144b9c

SHA256
9df871569276ceb1ae48fece34a3c50e43bb2046229dbb7e9acd69be449154ed

SHA512
e619b127bce7d86adf9c777c68a34332153c8224627193f4e343bf6100799ad690285233f8feb459f990fd4d91749be558379291d8c0703ef3f750040e88fccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
efec812a4acca1f58f4ece3193be76b5

SHA1
dc25fd521611db5821259a9746877849ba06357e

SHA256
37f983ee3dd0ae7e78163a1445b966254ca29194ceb3f2514adcd04b6ab0b04b

SHA512
a2abb8b1c7404c930315f539cec18c2a83820f113b63cb3393f28e0b4f95ad3410bd11d9e2592f4b30d5a2ebd1883e60c63e38de4e6aa2481f756a764e161c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
925f3ddf5b175725fda0fbeb9a66753c

SHA1
3907eac9af835ae13d09ee05e6b5b3da6dbf8cf3

SHA256
69df7356333af7161f12840b76daee8094716058b94504f9e2ffd95baa0dc474

SHA512
dcdd57952e0ec556ab4c60d7be45ec73703a1bb41dc4bdac3d5abeca7428f264d71d6bb3321a47a4bd1a5a11b48fd02feab9b53a9be493859202b79f4e875908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
44aee68186c178e1286ad242cf3ed13c

SHA1
877c21fdc00cba0a54bbd187b6e03f53a1f7192b

SHA256
c2edfc30dd695be01d7546d52f2c79bb42a43af5827e5998f70fbdcdef0e4e37

SHA512
2b86703b819e0044712f37dc79d7fcac86a8bd3892452bc5bb55c6d180513416857e8961b9df784288d9eebbecc5bdf01d5b3c7380f134e00f9deef88f55eccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cbb578e531f1f5dbb3ca81aa343e6a84

SHA1
a7fbb72486a90d5c63735f4c2e2160a4064cfecc

SHA256
77fcaee82131f07c699fd196b1c9460751731274204bcd03ce10e11821fe345e

SHA512
17ff0ee8ac6e31949805570f6d650ff9c02ede8ec890bd3e50f906303a74152e39e568eb4a3fa464755a0bf8febd3e6d542d38fce260b36f039a5157793454b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5fff3c17f3302b5205335c5eb7ad6b5b

SHA1
517f84749f1fe74156c412b3c516e63766ca0973

SHA256
b12a6567d10c3ed675cb2671ed0819fba92a923f5fc952264f06f132d22837e2

SHA512
9df8dde3fef1b143c4aa14cbca6fc6507840ea2bd0f9376bb8cc284ec34f85959b2f8f6a7ae8241794af573e0bebd007d629eededbff6ed83e243711a7e13987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589edb.TMP

Filesize
871B

MD5
2c0fb9b8cb980e7c14a9183af264b5a5

SHA1
2ef6a4288b67ba6dd189506c7d5ad0d7a921adaf

SHA256
16e4916ac91d2f7138ff31b41056b613530dcc61d79e261dcc4a4a491e263c2b

SHA512
094f89634cbb4149111afa91ef221df1268708e2326a67c0dfdfeb1bf4ffaa7ac51e8537183ce9394662f09e7a9d7209a89edf6873933a24ce2c502bef3052d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
623776e512d8f7d1ee2cd2bfc476bd86

SHA1
61f7a7d1f3c9ffca12948f7bd3eae0f62bc2e31b

SHA256
d46bc51925e27df66228748e12272c2bd651a2cf14a5d6b31b57a6e368776af3

SHA512
8116fef6c4d4a5c1cbcf10e46c31c4c65446b1cda154bea93936621061fe3062d643690766f0128bb2e4b612ffef19d42afd0722cd5be2b538140b14e1262afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5681da3bc62f6c1ffbe63bf154d3dcd6

SHA1
c0a1099e7bb14634160c2a6acbf1c0669ddd41d0

SHA256
4976609d68d433f47e5f35e847efd7b3f067f3f14bda49302d3a6d1102734e7a

SHA512
572e2ccd89cada0684e16f897d28dc74b8604bdf28f3749818200fba3bc729428901513526d6e9f2ffa2a61e8e7fee9967c5509f9fdb7d3f57df2525d0bfddd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd10dc072621b1939aa949bee8303ece

SHA1
10d16cd070669d875d82793df2d277fc81dc8660

SHA256
9c9e4939f5ca36db35351f11a1141f6e9dc49aeb87de58468e4d25357125a51a

SHA512
60f646d0e75fa2bb842cbe871a3615c15a553d26a64ae819970c37a61c29e3f9de11dd4e2bd79d1f3e78bb4748f749dc937eaa8a98c29ea1adc45b8933ac5798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
693814ed7a8dfd9f57434dcc4051f434

SHA1
87608850f752592af74356967d3810eac842ab1a

SHA256
2f9c2139d5ab5b44c54c30b68a61218cd4cc8344c1e19f8a52957ee7d015ccce

SHA512
a6785cac7f91927ec92aec78e6c9a53119729577c9d07ebebb3b3697371381f612df26955ce88986f8485df27d0c0fd0cb92b14402114af4ac42f833b554bcf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
862ef1ce158aa0dc70a8257d1dce33d9

SHA1
f7b7c14aca2cfa7c6423453692c5630f93735881

SHA256
3496bf2360a33db01fe9f9e8b01fb9f0d916f403ba9865f4ef90090eb16f1948

SHA512
28476900033e2bdce134825f5907936557597fed67af95b6af44b40a03ef306c2faf6c33db46ac7e23266bbbd5c71371756d73395d83a5d73077275d348cf5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a191ffe309566fcdf393ffa4718b9700

SHA1
ea5843fe23ad65f0fe8895fdba4b61c1ce1705ac

SHA256
7e50990885e53dc4d73d90c3ddee5fe720162a3ffe03c3c76eb5d49e6d284cdb

SHA512
fff766bd1747dbee9a775ebdd9092e2e88eee7a957267608015ddff9f775f099e34f10f73f73e612b9b7e2af3e19437400ec9e172e7781a212f962f975e6ece9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vo8scey3.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
13d71fc36af88f5be3134979f8138a05

SHA1
73024bf129fb5d80f2a7eb194349229b5148978d

SHA256
81c5579cd138a7a7d75a9526c06c6e7a13bff8f8456fcec439d319987fc220bc

SHA512
0da895d7f803f8f192cc5fb5c37cf8859f958b2cbc4bf171b25d94fa057dc61b52d6de56b4bcfb1220f913592002423edab905c6a3c165862464588445f7fde4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vo8scey3.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b82e20dd-d5a4-4093-9acd-b2cb27a0e274.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
71a6b59e08e25451e52675c842fae23c

SHA1
565a97673954a9209c7a05fba20b89d10b88025f

SHA256
5b96212d3d1347b76c8c1c64b2f7ef981242bedd3b84b766b543d56dbbf8dbd6

SHA512
5cc98eb2aa02e2e69165170451d89dd880893e6b07440bb84fbab6cf92cb558bd58c2235d8d64ff43d380c5e9869827800d310ee67950bb21b498d89fbb5aab3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ef4d9165f280b4d556f349f896b81ce9

SHA1
ddfe1709a292d9900687d4fe0b4c8b2429d848a3

SHA256
8add12630f4210146f1c0f543e34f61810eadbb6759b6eb3a6303337155c9cb2

SHA512
e8b2c08605f8c3c9eaf0a8f905e65829ea2ff4e0d45c79f171ff685e80fc74e4f7858b4975fac8ebfd4dc3b21a14fe571e446889d4022400e84d8193053152ac

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt

Filesize
846KB

MD5
766f5efd9efca73b6dfd0fb3d648639f

SHA1
71928a29c3affb9715d92542ef4cf3472e7931fe

SHA256
9111e9a5093f97e15510bf3d3dc36fd4a736981215f79540454ce86893993fdc

SHA512
1d4bb423d9cc9037f6974a389ff304e5b9fbd4bfd013a09d4ceeff3fd2a87ad81fe84b2ee880023984978391daf11540f353d391f35a4236b241ccced13a3434

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry

Filesize
780B

MD5
383a85eab6ecda319bfddd82416fc6c2

SHA1
2a9324e1d02c3e41582bf5370043d8afeb02ba6f

SHA256
079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

SHA512
c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_portuguese.wnry

Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_romanian.wnry

Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_russian.wnry

Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_slovak.wnry

Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_spanish.wnry

Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_swedish.wnry

Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
8546b61422b5d1f8467497b0cac2543b

SHA1
d725ff262c96ee9c98e8fe2780903e3f5e77841f

SHA256
3e334a79d89354e0afe723cbab123406faf0b88182e148f4df06c1ff9bfc1046

SHA512
993b8ad814a558b4de8ce19b0205c6618eb58c9d6e086da796c4bbc134be536f6cc39ae483ca2c5ba12e792e0f0d7f17442404b9e1d8fd96a88503cfe9bd9e26

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
f8d0bc0d257e7acd39521ba4f132e0d8

SHA1
284dfe6427ac9d5f976fff2a62d170bf3872e9a9

SHA256
668f9cea52bec4bcff95d902696145b9a47fc96de8caf6a61578da1c0b566ae0

SHA512
8874fb085fc666dc9f514ffc43e033f2d670d1d0bbbbf1c20f829cc5e9eb728108ee450fb2f8c148adff2585bf52bc2753e530dab64a2e92da98c3063ffccb37

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
a9d20b07a2b6575174e4e34eca39715e

SHA1
883569125d14e6a56292da75f7e0f3e87907858b

SHA256
b8ae648ebafff1818a13d4afe74338c1dfe9ead521c6d30bca78365b1bd15e26

SHA512
658ce8765c0a86a2f59c3f4fced57061a18dd975063a9a198dfb3ba5ae194d700ba6673045e162dbcef067514aae66bb7d2aa91f405b8d07354b749fbed2f9f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\AlternateServices.bin

Filesize
6KB

MD5
43a018bdf5ec39f88b3252562c7782ec

SHA1
e9030156e9b6ec2f73abaf4331c80576870016e1

SHA256
cbd909bae13e114db71785c6ae861b9f824307613249f8f38f348768adc9f56a

SHA512
36c068fb149af1a2a1b273ec554c5ca776dd4d121b7d164a35feefd1d887e75fc08b014ec83b18b6a197991157a82c76ea2ffbc38931194398e18c241fb22bd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\AlternateServices.bin

Filesize
8KB

MD5
b4ea32b6d62903c99263b01f8d7d099c

SHA1
d0819e97bafa5a07f7ca27c68a2e5885f6a61e0c

SHA256
623b0ba91da6c951ca4c74da17211ce78d7c27b3deae196f8b9d1048421f7828

SHA512
11f687d6771c66d57943ae91c19e53f998e74430a4840f8328464a927d5b7d78df80355237d8019f982802a99f8a947f46551180ac08b7999d8eb0bec2aa6177

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
26KB

MD5
7890c8be044763724515928c7253b4a1

SHA1
406a25f526a0b6d928d2b6ffbeecb2402a4d3d88

SHA256
48dc6cfcdef799cbe932b933175496f58b1ff64f88e8a273cf2739f9ae8f3852

SHA512
26ddd68b8bed610da1b1087216fcbe2a15ac40f7ee93f3381240e2f98098c5692ca2041d2d4138f85b6076079bf7eb9ee1a208bd0d7d7311b99a5f422c833a41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
33af1be7abed37e1850c71baec14679b

SHA1
0e357a6c7444a5ff9b58dfadf78675e9f24500b7

SHA256
5f8fc53ab000341b7d21c060039296b29cd9f309f707e61dcaf7ad1534f62a5b

SHA512
2c754c9267cef71537bf0a43699b41cb2e3fcd0743fbdf8b0b6278e21a4110be981214a1dd2de7e7a484356f0d16307a98c5f43a2ad574cb2555f17f0d7fce28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
22383525879561342a63c120817ffc9b

SHA1
2081b105b8a7c053e2f66d82dffecd2130c557f0

SHA256
08edef3afd7acff068a0e18db448127a0600137f82b238b3e3e6222225d9301c

SHA512
c37db9985c45ca991b4521db5864c2f58eede51d54a4bb1e49fb6c7b8b189aba2acdd0b77b59bff98508afc652b065df21b76b7f95c865216d84df05d529083c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\pending_pings\17bd21ff-e0b7-459e-a626-c5a34247d004

Filesize
982B

MD5
189a8579a57f5f9d3233cd1b29ba3c5b

SHA1
e43eeb98599c94ffbe2f966a469baf287293a105

SHA256
98b3dd55d060b1e9109d53d22083ad9b1c5b0bdf131751bf5fdad24e96811f09

SHA512
901925bd9dc9545ff2bd4653afea04b92fcde7c7c8aebd8fee564d2712405eddb0c100ab94483189c02f4afef88e9530fce9177af55ea3ace4bbb0b0d008fc45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\pending_pings\85f0b666-b084-45c4-b5de-eb79c2f0a57f

Filesize
25KB

MD5
cacedb7fc09645ceac9879d72de67784

SHA1
2dc0babc2e28e6bbc49f7a5edf24c1e53fb50172

SHA256
1cb831034a1b9e4643452397e9f786f7593e8d094fd6acd249f9eb7ade9324cb

SHA512
00af9b616b5d2bfeada2cc69d3b97c30431eba91e212cb3c42dff6c64f9449bc2b97cc1141f0953f876e0b2ac25faf363eedb4584df4f002de6136c479da6862

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\pending_pings\af964173-7548-4fc2-a928-0116957095f6

Filesize
671B

MD5
439bf31872bfdcaaebee0de2c17ba3d0

SHA1
51b58fba127d3ef01cc0932c8878b94bff696722

SHA256
2b7afca5d41398968c658b93940a3b80aa47d1ce74a735d97e6e0314335d85e7

SHA512
42797c7d8beaed7639c5a97b4366bf4c4edc12078498962149107eba5f31d910a515a88688acbec00a8d0d26ddab579b5a29776e84f397ffdf101b21bf0566b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\prefs-1.js

Filesize
11KB

MD5
433def94562ebbc115bf365afcf7d2e2

SHA1
8e230665d3b07f52be28fb874f4be5e67baaf4e6

SHA256
70bbbfaf48cf0fb7e5e6fe98f407c210dac1838385ab56f66e373fd1e1d0a6ec

SHA512
a2922c3f94a04c4c329421bd98bcfa18c772c806e113a92d012cd00ebf6c7a4bd2e654ee1887474b1655e12cf334f8a2f92102e7f6e9021062f5c2025689d7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\prefs.js

Filesize
10KB

MD5
25e47011546c8b38abb3941ad51dc2f7

SHA1
6808ee5c334fb4ad348a6816713f027ff2496351

SHA256
2b841a04ba296339b23d1bf4c2d0c82dc86721c929a6373a6d0d1c0f85a33fce

SHA512
2b4d9b7166481f558c08928d84dad6450018ec2ee2c778459b8c0f00186ecd1a8d4b3090bc8066efacdf79fc357b9daca25219dfe8aaf6b1f1c3415a9a4523f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
2f10935514318a60ac3fd6ee9024c332

SHA1
c446399e794ce24b89091c54d4f31161c31bf706

SHA256
51646e61b477f95d5d795754bd90eb184ad62550deb82b7aa9922d3d64490951

SHA512
19a7fa200d33a6e6198710fba5389aba248e8df319160a7a630e291ebb346fb33aeab2eb7a556a9fb63afe94709726890511ada802a957e3f0f998c31b853d9b

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
20.6MB

MD5
883613ac6baa86e0d2f247336bc3afb5

SHA1
1b1f916d9ffdc2088daf3e9b402d2fae79a5d2fa

SHA256
390a21ca74a56cd7fbe1149a5fe1956a922b942d50dd1991dfc4c8c03fce486c

SHA512
6713e45d46a2289f169af5cd80e32b3f6be734942707037014ff4f6ec0169e0e53a9fd0510bacb9663aa376ae4bf22f977939b2c23cd02d9caaa8fdaeb44bd91

Download Submit
C:\Users\Admin\Downloads\Ransomware-Samples-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Ransomware-Samples-main\Ransomware-Samples-main\@[email protected]

Filesize
1KB

MD5
c95c8b19bb8510252d97d339a88e0b37

SHA1
d2c85b29d308772577a33f6487f44be3ad04de88

SHA256
257d71bf803dc1e91c2a2790481065432f4de2c968a61e669869b9afd36b0982

SHA512
753256559fece8efdc7e04362f8540650f50e9d793a7d73a7e29a7b47ede76e2e5daced5e6bd8ca9bc95826f695dec72e8ee922122840dc516ff68e422609799

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 921954.crdownload

Filesize
15.1MB

MD5
5a71fddd6b48215f4950ea80802e8ffe

SHA1
011df59169894512015bf302d338c506d1e6cd7f

SHA256
5fa4cbe0983a59dddd8a58c33a5cebcc0742c24f59c08f1cf78deebca0672697

SHA512
2cd0698ad20620cc8c2d94cb5eaf2ab2ae7ef599f426bf91cd1c2b3387dd2c9be362eff53ecc9cc969cba798405e618728966f7a903f42cbd0098f7b8327ee4b

Download Submit
memory/5408-2333-0x00007FFEEE250000-0x00007FFEEE2B7000-memory.dmp

Filesize
412KB

Download
memory/5408-2335-0x00007FFEEE1B0000-0x00007FFEEE1C1000-memory.dmp

Filesize
68KB

Download
memory/5408-2336-0x00007FFEEE150000-0x00007FFEEE1A7000-memory.dmp

Filesize
348KB

Download
memory/5408-2328-0x00007FFEEE350000-0x00007FFEEF400000-memory.dmp

Filesize
16.7MB

Download
memory/5408-2334-0x00007FFEEE1D0000-0x00007FFEEE24C000-memory.dmp

Filesize
496KB

Download
memory/5408-2337-0x00007FFEEE120000-0x00007FFEEE148000-memory.dmp

Filesize
160KB

Download
memory/5408-2332-0x00007FFEEE2C0000-0x00007FFEEE2F0000-memory.dmp

Filesize
192KB

Download
memory/5408-2331-0x00007FFEEE2F0000-0x00007FFEEE308000-memory.dmp

Filesize
96KB

Download
memory/5408-2325-0x00007FFEEF440000-0x00007FFEEF451000-memory.dmp

Filesize
68KB

Download
memory/5408-2330-0x00007FFEEE310000-0x00007FFEEE321000-memory.dmp

Filesize
68KB

Download
memory/5408-2326-0x00007FFEEF420000-0x00007FFEEF431000-memory.dmp

Filesize
68KB

Download
memory/5408-2327-0x00007FFEEF400000-0x00007FFEEF411000-memory.dmp

Filesize
68KB

Download
memory/5408-2329-0x00007FFEEE330000-0x00007FFEEE34B000-memory.dmp

Filesize
108KB

Download
memory/5408-2324-0x00007FFEEF460000-0x00007FFEEF478000-memory.dmp

Filesize
96KB

Download
memory/5408-2323-0x00007FFEEF480000-0x00007FFEEF4A1000-memory.dmp

Filesize
132KB

Download
memory/5408-2322-0x00007FFEEF4B0000-0x00007FFEEF4F1000-memory.dmp

Filesize
260KB

Download
memory/5408-2308-0x00007FFEEF730000-0x00007FFEEF9E6000-memory.dmp

Filesize
2.7MB

Download
memory/5408-2315-0x00007FFEEF500000-0x00007FFEEF70B000-memory.dmp

Filesize
2.0MB

Download
memory/5408-2313-0x00007FFEF2230000-0x00007FFEF224D000-memory.dmp

Filesize
116KB

Download
memory/5408-2314-0x00007FFEEF710000-0x00007FFEEF721000-memory.dmp

Filesize
68KB

Download
memory/5408-2307-0x00007FFEF9E80000-0x00007FFEF9EB4000-memory.dmp

Filesize
208KB

Download
memory/5408-2306-0x00007FF716190000-0x00007FF716288000-memory.dmp

Filesize
992KB

Download
memory/5408-2312-0x00007FFEF2250000-0x00007FFEF2267000-memory.dmp

Filesize
92KB

Download
memory/5408-2311-0x00007FFEF2510000-0x00007FFEF2521000-memory.dmp

Filesize
68KB

Download
memory/5408-2310-0x00007FFF041A0000-0x00007FFF041B7000-memory.dmp

Filesize
92KB

Download
memory/5408-2309-0x00007FFF04B00000-0x00007FFF04B18000-memory.dmp

Filesize
96KB

Download
memory/5408-2383-0x00007FFEEF730000-0x00007FFEEF9E6000-memory.dmp

Filesize
2.7MB

Download
memory/5408-2397-0x00007FFEEE350000-0x00007FFEEF400000-memory.dmp

Filesize
16.7MB

Download