wannacry | hxxp://google[.]com

Analysis

max time kernel
519s
max time network
517s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-12-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDEEFF.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDEF06.tmp	WannaCry.EXE

Executes dropped EXE 34 IoCs

pid	Process
6112	taskdl.exe
5728	@[email protected]
1504	@[email protected]
6052	taskhsvc.exe
2316	taskdl.exe
396	@[email protected]
5372	taskse.exe
5648	taskdl.exe
4984	@[email protected]
5604	taskse.exe
5964	taskse.exe
5972	@[email protected]
1112	taskdl.exe
4180	taskse.exe
852	@[email protected]
1368	taskdl.exe
4640	taskse.exe
5332	@[email protected]
3388	taskdl.exe
1440	taskse.exe
3144	@[email protected]
968	taskdl.exe
4416	taskse.exe
3008	@[email protected]
5712	taskdl.exe
4780	taskse.exe
1144	@[email protected]
852	taskdl.exe
4828	@[email protected]
3576	taskse.exe
2780	@[email protected]
604	taskdl.exe
1232	taskse.exe
5312	@[email protected]

Loads dropped DLL 8 IoCs

pid	Process
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5892	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\djngtpfvszyb324 = "\"C:\\Users\\Admin\\Downloads\\WannaCry-main\\WannaCry-main\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
93	camo.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 45 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133781543654450975"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
4040	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WannaCry-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5412	vlc.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
2000	msedge.exe
2000	msedge.exe
2608	chrome.exe
2608	chrome.exe
5028	msedge.exe
5028	msedge.exe
2564	msedge.exe
2564	msedge.exe
3356	identity_helper.exe
3356	identity_helper.exe
684	msedge.exe
684	msedge.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
6016	msedge.exe
6016	msedge.exe
5600	msedge.exe
5600	msedge.exe
5600	msedge.exe
5600	msedge.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6052	taskhsvc.exe
6024	chrome.exe
6024	chrome.exe
3896	chrome.exe
3896	chrome.exe
5532	chrome.exe
5532	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5412	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
6024	chrome.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe
5412	vlc.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
1504	@[email protected]
5728	@[email protected]
5728	@[email protected]
1504	@[email protected]
396	@[email protected]
396	@[email protected]
4984	@[email protected]
5412	vlc.exe
5972	@[email protected]
852	@[email protected]
5332	@[email protected]
3144	@[email protected]
3008	@[email protected]
1144	@[email protected]
4828	@[email protected]
2780	@[email protected]
5312	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1924	2000	msedge.exe	77
PID 2000 wrote to memory of 1924	2000	msedge.exe	77
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 3320	2000	msedge.exe	78
PID 2000 wrote to memory of 4460	2000	msedge.exe	79
PID 2000 wrote to memory of 4460	2000	msedge.exe	79
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80
PID 2000 wrote to memory of 756	2000	msedge.exe	80

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5888	attrib.exe
5812	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ffd48b93cb8,0x7ffd48b93cc8,0x7ffd48b93cd8
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,5957321330229350155,18383968904704535790,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,5957321330229350155,18383968904704535790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,5957321330229350155,18383968904704535790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5957321330229350155,18383968904704535790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5957321330229350155,18383968904704535790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5957321330229350155,18383968904704535790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5957321330229350155,18383968904704535790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5957321330229350155,18383968904704535790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,5957321330229350155,18383968904704535790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd43accc40,0x7ffd43accc4c,0x7ffd43accc58
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1664,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:3
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5092,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5368,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:2
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5284,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4932,i,4944758709665669730,14359066945814723506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3404

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffd48b93cb8,0x7ffd48b93cc8,0x7ffd48b93cd8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  2⤵
  PID:196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,15097320873980095386,13776675680437624372,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1496

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5164

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:5672
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5888
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:5892
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6112
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 54281733680966.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3064
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2092
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5812
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5728
- - C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:6052
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1456
- - C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1504
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:5876
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5772
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2316
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5372
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:396
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "djngtpfvszyb324" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1296
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "djngtpfvszyb324" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:4040
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5648
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5604
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4984
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5964
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5972
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1112
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4180
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:852
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1368
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4640
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5332
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3388
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1440
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3144
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:968
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4416
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3008
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5712
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4780
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1144
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:852
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3576
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2780
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:604
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1232
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5312

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ffd43accc40,0x7ffd43accc4c,0x7ffd43accc58
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,10939065342793430280,7653065903964822167,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,10939065342793430280,7653065903964822167,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,10939065342793430280,7653065903964822167,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,10939065342793430280,7653065903964822167,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,10939065342793430280,7653065903964822167,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4348,i,10939065342793430280,7653065903964822167,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:1780

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1108

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopOut.M2TS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5412

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]
1⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd43accc40,0x7ffd43accc4c,0x7ffd43accc58
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1736,i,14878801048562384166,3975385151652494272,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,14878801048562384166,3975385151652494272,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2096,i,14878801048562384166,3975385151652494272,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,14878801048562384166,3975385151652494272,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3348,i,14878801048562384166,3975385151652494272,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,14878801048562384166,3975385151652494272,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:5296

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5972

C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd43accc40,0x7ffd43accc4c,0x7ffd43accc58
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,1271909432180213347,10450179275380234305,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1752,i,1271909432180213347,10450179275380234305,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=1884 /prefetch:3
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,1271909432180213347,10450179275380234305,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,1271909432180213347,10450179275380234305,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,1271909432180213347,10450179275380234305,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3564,i,1271909432180213347,10450179275380234305,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,1271909432180213347,10450179275380234305,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,1271909432180213347,10450179275380234305,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4672,i,1271909432180213347,10450179275380234305,262144 --variations-seed-version=20241206-115553.776000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:5324

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4372

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2168

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\AppV\Setup\@[email protected]

Filesize
813B

MD5
88baa809e0acf962078fe566ff02444d

SHA1
ed129138d9920052a20e013a4efea098279a676b

SHA256
0dd912ee7fe7c6e1dd329abf61e803cb0a864ff8a562088b651605b45fc09f94

SHA512
c2828683b01b81d71edd48485251f929ba61db8514e89c7778a8a89d3dc324c89584ca8ed60271189e94a3119704e497e34f89929695efc68b37eb41d2cec763

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
063a70c56c872342bb34d646b997ad7f

SHA1
57ba2bf64c76fdae2fa1b8f5f69239ddb39331f9

SHA256
c2d22be07eaf720a45f0d118c4676a6402ef7e4e60f64b88ea38d2e9854e24e1

SHA512
28c3854e631425fdec1d81c1eeb1b744925f380a2bab584432ca86e5bd3e28f37b9906311bfb5385411506598f3c3fca063e9321bf02949137a5e216c6240344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0817a286-fdf7-4ffc-be8b-abdccd5784f8.tmp

Filesize
15KB

MD5
de921f5a1503ed6b238bcd69350b6801

SHA1
ad43463547aaf5385e032482d324adb43394e1c0

SHA256
75b256bae2cd58c8ec5e98ee8d2ffe2a05ba93c1a8b8c9393976e3af716eab96

SHA512
c908727e4b309143a785b07ae70fc4ad90a0928a5a03f2aa4a5f4f02deb7a0c729aa9ea847ffcd68f5aa605166d86fe1a0c00bf4ac63ef015e1fcc7f06349a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5cd0afadfacae08dc167843b7a7ab01f

SHA1
2b9a7e88a7dfd81ce2bc8f9c7b720523bc0e2ebc

SHA256
dbd9b1fa577edab5432a23dc750e5ecd6497d4a07fb0ed8bd063313ce8d9d56f

SHA512
9608d14eb500f29035deaaba7e8a649e946245d2956894297283d98f05454ed42d78c24ed1ccac441fa67768a084f1cf37d5a482b17059b68a0ce8c1a89786a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
11531a66ce4b3fad4383fc39db562c74

SHA1
f808fc5ede681f694526b41a17d576ea39a15fef

SHA256
c34674a0928e90058c16bdd9dd845751d7dc6d5140bfe2be9c29af284128df8b

SHA512
3860e2b694e6e8b46fea1be152aa2e2bd220ea35a15f7d015992c147a523d4adf1290791e3f7a1ab5e0149bf7ffaaeee8901018345be0a4fbaab86951040fb20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e230b3a4c53b478d8205ac0f50a7489a

SHA1
2b516b96a528615e45ac70c0e064b849005a5bf7

SHA256
494eb1d0d44bfd506ccf28e230eb1df3028d7e6c7d862504baaad7b19d1ea4b5

SHA512
3fbbd6e5aeed285638d23157a6cfcdb73f310ef8619e5c3ad6b01df58a441a1dc02368c1c22fbedbbd8a3cbcfbd698420fa28c0a3d8d0a3fe3943454f0a46ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
31194c63d85ec7a31147fdbc7f973c6c

SHA1
3e5c03f8b303384875bfb5a7f6aa2abf866e631c

SHA256
06f80a273edb8ffe0c200d10cef9f7479da44321218e465b744633887d5b8811

SHA512
812803ff3b27205f25b2a01fc5fa8463dd17676050d3bc4624b07ccbe38d6b3908025af3ebeabafa435b3c468aba8834af861863ddcd375f754eec9829bba47a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
491eebaa5150d18a133ac1ca9566e473

SHA1
886156f7a1d6c77e9b419899231aab457b206686

SHA256
5146d44f3cbb31f27c4c12c9554324820ff1eeaac4f74ea1869e8ad97fddef03

SHA512
69f89e87c0528dff2e9aed0150ae3b7ce034725b58709440ce9ab7a76a2626c2bc83b011cbaa871d818da457561186d275fabdff4c95597fc765e2219c062bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e27c4bbcd51cdfbf824ac609dd26cd16

SHA1
f454ea39156c5ce2ad5910d1615e5a8a18fc3cf7

SHA256
9eea1bd10d8a0524836793d4504d9b29ad086fed13285a01293b6d964a2b4215

SHA512
33547d45e84fa5f913ee8e6cf59fabb6d6a237be8b8da918db2b475c35a712decd29a832f9bf039e7e46a22d7c7d61fe103b6b32071ba5c0151d1ac1c8b9cb71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
f4aa300ac8a0b1cd1622c97fa7c9c616

SHA1
679d54862a122fbb3fcf07a1074c5d757d95ea08

SHA256
bb0f340b3838b4730dc26c395302850ecaedd1454220da3e4db34dd8ce853cbd

SHA512
1f68be3474184889daccc830b201c138dc8f9daf3afb92444cf828f0a937a47974826914b107522fbbc8edc1a5cfaccda8b16ee8956d9704b7cb45f431e68683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
17447900c20f626a13e6f4a517f1ef21

SHA1
8d8e7988c7145b6e472476f4bf5d7b23bb63c688

SHA256
50e6473172547626db7ae52638ad7d3cbe69bcdac0d1a2bae8f49e149192e48d

SHA512
43cd07e350a89118102ae553b32ea609ce9c19a77e9f72a5e2ef461960e46745db758d37f66ff88ac235c5945be5e6cc99a8415c628461b15424f6ab36426652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0e584d578a6c1289bb9910b04ebd513e

SHA1
217fb93e8213e9016f2fcb2d16a1c1e7bdd4a578

SHA256
b4397c78bef98b9d39b2e55400be4245daf3abc23273a6dd1528d35e5c0deee9

SHA512
29a727f7fd2ae3ef81f0ff9b8fc45060ab4d6052f8fc7438457894b35b4c654a4f17ba32f6a27c9a7835b80a5f9eb81c2701bfbc083c1b59cf36b5153468af83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
78e906612557c953eaff0d6d3a2bd806

SHA1
19c3dc5551d5ff17ba4ad57b7a325e465925f1ff

SHA256
58d080335efff03ee9d8525da64fcea323422f32dc3430ae40b687e455f66d22

SHA512
3b6d4ade6f2fe41b103116f60a7ea78318f74a2d57187dbf8e19698c9f54a1b3afbe11c6013e26556c3adc86fab5656346978e56767c6b7adbdab2b6a18e2445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
70a6b1e19abc45f24e124b61948c2b06

SHA1
092f11be100df5682794a54fc1f04581a55e88a3

SHA256
4bcb170265907fb79bd7a73040d17e8efe11c66804d6a7becf978d14d5818a0a

SHA512
867c5c8e2effc6145d40063ebe69fe246d0773be030233beb0bf947e2b35344cb23d1f7e7cfa07c1cf67aa9f8c5d79a9e1c997a17ee389b05fda671b87997a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8a799a554ab7e85973bee3d964d8461e

SHA1
8cf63ef292d5e98eee3c74b5bae514c28bf74068

SHA256
16335591718332a983528f59403d392b0d5500d6a9331bfce83200a529530ad9

SHA512
b9bb25223593724e899dbe52a3aab4026fa196ada20a65276d59ace0255804da17a0a8b63f8a0757d200376d74588d72b5d559a5058f4351079bd73e3dc85265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
95d0f824925b2158ce4a487a0cfafb24

SHA1
1ea7b275b65e7e651e7a48ef08a1bee43249fd19

SHA256
cdabdfe30b9628294a5b06b3702991cda2ee23388fb898a36b5ae1d6f04e2c51

SHA512
362a3b4b5854638fdfff049b922e1c043344f540fdde1c65bb79767e123f8294b1c25add1f28cd9134ca6e875cac7550caf54deeff83a4f9fdffdf93d007496d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
60324f074ea70557aac72e4329cb8bce

SHA1
fd53bac9b5c6960cb4af95d1eb88eecb1793de0f

SHA256
850c12359d1235580814d13e1463ab0d3d4c1333809816ef8828122e4e0d9004

SHA512
137321fcf3ba0219930fbfc0b269918ba9df22348ebbb318851dec4f39e6ab94431226016717d1f30e67c0d5a55cf62e1532512654c61a8321a38fa7a6a07387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3e0daac4c230f9b412562554757132e1

SHA1
4ffa63e044489fdb6e48c7923a53856f533ba1c1

SHA256
f694a77be5ede090a0f4fa5af0c653c731ecb11e2bf96cd3668e4ec779760259

SHA512
26f28b010cca4d2894dabcc200a130a89fec238ec0eac4fd45340b076aa15d5e142b758d9c36cd9c46ed6f45a9d914044299b8b1ed37336ae2a498ddbbba8640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1bff78e70e45fbcc5aadbe0943b5d014

SHA1
99b7deb6625d25b9c0da8aa68f1c79f7d2311348

SHA256
ccdacc65fe873c8ec3b3cb5df1f3365081d4e7a5c8669bab7a07f3cdfa68629f

SHA512
14d0f0b2981cad0af98aeb83716f5c22baf7cbe3432a0e5a66a497d5cfaf832b769ca269661abcf389fb6a3ff33a4636ac6c8760ff2c3dd9fe9ad364d8d3b24d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1248a95e75cad65b42ee686d10532122

SHA1
46370ccc9b3e52bb9e4ae87b68a81d13b705d2e4

SHA256
9b982d3d7c88d27e7cbbdda88c6a38c67a758000548b6f8d2d4e5f6db8f2473f

SHA512
a0c9cb924ba0a313d6e26543674c0041b735bb153cec6ef1ae56a0bcb253b4c6789f7a4cfc98b7b7c6eb436d2478f0973beff0e4b66213c1898f3999d9070a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f2769c068f84fc5cd8a474a3da5d89b4

SHA1
6c49e84c86a99942e95da0662e3c5bdc732bf112

SHA256
196fb96eed171018094aa82c9d2da6d3f1d65da291f17db44bff4eb1ae9d6c42

SHA512
5b434f35378a1bf0cb4daa11eda0940d81537f58b0f0598e1b6831265c7ff918744608a33083d4ecd094af43bdd518f4b2155812d7d4d32bcb31a6bc4244bab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c8fb0286a4cd705e0011705a5ba26827

SHA1
276807b78ac69b8cbd876e33aab32c09a14395d1

SHA256
324bf214610f9ec90896e131f2953d27787980a8a5cda6c09b694e0aca007fff

SHA512
d096e0e2bb6ca308853a6e207327cef4d34e210e6b4477c7f93b02d8c6820b264ee61c41ba71fb2ed31f3c6fa905959d3d0ccc66b95112fa223750175224112c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd42442b17b307add7ec84bf3cdd1942

SHA1
fb797082075fe784da6e8521a31761def20a705b

SHA256
b1e6cfb53046063d54d3dc0f21667f695f3895abaec4647f7a73c909c6201bfe

SHA512
381ab8f19b2761ac3ddb81d55afcbd1214ec74afa8d811702d61ee844472b0f0f180ac7d0e5f57988be2ced7efdb10dd7d2cbe3c06d8d9eb4269efea193f8ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6df21f498c442d66bf500b693e7a731d

SHA1
3e8c5cffb21be386eb9f4ad45e9ac6019d60450d

SHA256
ec6230420412a905d29eeb6cdee0a72723447d0c202449f228e0c4e7ebeada59

SHA512
8c88122e10699ded7c7cba6d777147fbbc1016cc180b7428c523e3b47b2e04cb572145c7bcef11a7a44b67cb358f216e57cd780538a26f91ba59360c05512988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5de497ee4b1ceff40862666ace1041d5

SHA1
1e3790de0afc9dd2d5275a666507c50b2afc5d4a

SHA256
27bccd6eced50e3e9274152370b8347f5560dcc66430f2c54a3ae4ef969e0c31

SHA512
c9e00ef00879ee236e20b0cd64f2b47cab7962de4af58150e669b5b92a131efaa6c021dca697dc9b52ca86937a498b142b801aa403b37250c376136d124ebb44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54eb63924eadde546a72b4560f242484

SHA1
31fc6b0ac18bc6c4277ef7247223d27e9bc83f32

SHA256
952ab4fece5c9407b09708a144d8b55dc5239007d8c42dcc4ddbf495309071c4

SHA512
74d524e9f37b77d7fddeffff3a8338b6af4a78a2a5eb88aafa8f5d985f892158428ba3c1944e36c66cc2cbdddc2176ddce3ba3085fabc7c04792e7eb22d1582c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
956144ceb49b5e0c4286a6d415c829d8

SHA1
7d89685bd1a9f6966d7f7f75efbfca87bacb2961

SHA256
e8ef2c3fbc1a4de4f3a3f38eafbacb7d44063a1a69cf437584f8ec63de786233

SHA512
5c1359cc3199da7c2c658455a26557f6a05749dcf032b7c0351fc3b51c9d5ff1d1a5ccc2ccb2ef454393a3f290c48887f462ad63147e069a57d5e188d75cdac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f582ad61f53f06f9e193dcd8a4c2d50e

SHA1
460f5a103c4d80dbaf522fe0654b7bdad13a19aa

SHA256
ec641ac35c6a5c02a99f42181a6dbed57d280b911eeeb638185197510da22536

SHA512
f7d2f7146a2f2ad7bbf8a6b3bd41982a2b24ee0af6bf53d3060af802181413161ca016d227f12b7c40c7d6bb89a62c9844030fc7898582c57d0b3c2e816ea534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
158a6e9489f4cfbe16d98c2305ce995e

SHA1
0ce6008bf5010728999561418de255d9e5edb5a1

SHA256
507dfe342c232fb2d2cc723cda7cbd5bf9b7ec2750bc5bcb3ecd505f31b6de15

SHA512
84b8c8327aaf7c1d74a3ff155a5726725ab8aa35811fc03adbdccba99f02395d79cd9839ff6a2c6be5bf9c687023d646086ec117417dcc14d3ce8eae9b6cca42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0c6be8fe5a0c99f7e8850fb0f8f68b95

SHA1
f548527f9430fddc506c466cdf1f8f2c9696fb6a

SHA256
2f2f6bd9cac4bc02aacc51f80eff116be34ee0518f9c251b9ff24688efd41313

SHA512
2e9d1ee63a0dee0bc3a44fcbc0514e18ec1444a56b552de9a350815551c1c44f6e791a409095539a4a28b99e9c631e109c313c609bcd6239f47c2766d3fc9d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ddc4198f55f8fa66896476806f387fd

SHA1
751a9b4345079b77bc5397e6da050b24329f0746

SHA256
79e0ca6a84204956af565aba0bf701d5508218e3ecc8746e1a2f094558a87980

SHA512
da37cc80d0cc05925b12ae0e7f4f91a7e010f925f37adb19e137d672f1399591126d907c4990becabc4139eeca43f593e7b665413ad88ae9c946ac1c426f4cff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5cffc7611124f95a77f308a1815e290d

SHA1
7d4866eb00ca1b9a4ffc75f716e9bd00533edd8d

SHA256
96be6a3b02d92c544d659cddd1f490cfdb126d9f2548393d0e404fcce92ee896

SHA512
f8f47a5b83fb02bfd8c7b55c78011c1419f055b2b50d1ecedccdd6bef782b09b3bc89fd7d1924e281281ca2f8f6896963dc56c68b0ebb0c4366203ecae9091fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a3c30d30c10899b69d3d1301ca47bb0

SHA1
42638f0f2269ddadc288bae3bb80681109d74016

SHA256
a0d8f1d20e60cc9882162f9c5f9a5a13202f0f8986a7a6bd38e9bad1e77967db

SHA512
afabc45286a618f1b3114e1c1a694c6c3ae6198e8564e714b929f04b990cc244ef7a32ea6347be093acda1df963488df1c77543f44f7891a2e79a7ffb9d84dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd32604216d260bd2ce2a47209f44ba9

SHA1
8d951ae1ab43d881f3a89e2e4642910404fd3836

SHA256
3150b672eb422dc66b8a85df0f6cdcc66c34c78f38dfb3fc13872af8ef55663d

SHA512
d145e4a52c50a3c085cd64ae1ef09a7683f1d1f222d0a1324d2766b8cbeca0c8fd915159a34906612f94547bd12326abc50b7c877fbb39b8fa8cd18a27c4491a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54a6b8920299e2e915d65a002a8e2d82

SHA1
3f81d04ae1a5db07838a6bb0fd05743994f83f2a

SHA256
11394c29e85078840e4378f77542cb06e426ac882451f82584c8f0eacbdf5295

SHA512
c543bdd38cfd55a0e63ffc259970b595fbd942c1e4433511425d76a5bddeafaed9ce8950b5ad24145b0eaa6ce00f327c4d253b491291df4fa4045b14b12d7674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c109071c90095b35a6f536335378d526

SHA1
6408147c73c77cd6d6d80955d705154e95fb02bf

SHA256
f980cf62d6760df0a09507c7ee75fef40e119995c625b4b987aca65622f939e6

SHA512
ad8ff29f16d6a578c7c7f4d28b410157babe78d8c138f8b1392eec1bfbbb95b1e5fde87f3f8ea5005bd4bc5e725f966d013dbf5357022f171422098289e687e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1913e98b40f579a923acabc943b932eb

SHA1
4fddd3ff4601afabef6f9419306c62b5bee12d5d

SHA256
7b99fdff426a7e82067e0b423132433e7cf81aab54a7164a28214807d0c9753d

SHA512
17180b8fff990e72c4eaa4b518a48ddfa01fc63dd70378bd20852130916d07d0db410886108ee492adc45521f4b43bead7e69075b51f1c40756621e4698c337b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a23457e0cf74a340d9e9093569603d6

SHA1
e51d0fb2dde9a70f403bcbbed9169b7de35ca287

SHA256
ae032eeb70fdd1bcda1b2b6d5d2110f73e895b1a5eb75f8b7cb5d6c33087bfd9

SHA512
0c0777a781d501639031464f6b551c18165d9b3f7f60993505f75cf24298b65763e65d23ba59c704d43be21c8963c9b6feee7fd9348a027a8449329669f6ca0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07e7062aafc711607d92f7c170ee5308

SHA1
630af063df994e9c6e72f3859875a61bb3910877

SHA256
076b062abacb0adbd604b4b02e2cb7e0c8fefb9028395189f73d1124b882839a

SHA512
59e55fff4104a19d32e8e107198c1fe91b09ae2ade098712cddd227943e6f5bf2bb260b4dd90c723e8c5f677934fd19404ab97bd3ee12e816b4c74dabb66b2fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6435d5aec36c076773967e611e32bc32

SHA1
98882c46435e6b01807f09584e6a0c66339c6898

SHA256
c22479b0b6cbae712735aa25467842d36259997ca609bc5a23dd95f553e8d2d5

SHA512
3bad087fdd688e80d55058e3391534329c234d5369573fc62ee621eb02bb28477aac47b5862fb44f0b7516bc0a51f77c24aec8f966b001e133aa1c822af6ce08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88955b76e2967f8868b85ff200183ae9

SHA1
fb49aa004625bf84d836e3290cab63d325d9d06a

SHA256
bf66d53a3e5fdfb18e9406796c84499c69ebc853a9f19b96ae1c48238c9381a3

SHA512
e90034b3ed5b00ee700e2345f564c01eadfeb2ac09c4275c80e6b2b2f3c625f4208c366ee9848db843d10bfd76e28057c01e3a281e522e035513e898732ca67a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4935acbefa0a23711a9eef5f30235116

SHA1
af2d7e4f36446a08ca08eec40dcd812d1e71112c

SHA256
c90d92c3ec0a17d50cb31fa5b90f5e58f84e21529d38ae569cefe09e90847aa1

SHA512
c6df4ea3ccf7140964edb3b8e4168216b6a039badb151c34c6199e9c30fca88f8981e01ae98d0f9adbae42f8413a184822ad73b93f03a1b99eb153250767661d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
01103c347e40bf7b10f1033a9198a26b

SHA1
e405c007751a8ccc75f3b30cf26625333df98658

SHA256
469f4e303139d6b0d4dc7936c35a79c6bc3780bedf46f274a4220f036a65b73a

SHA512
03f8d9203d8fd395d4afe0f9d13017f518d1359bbe17dd7f91101bc64512da06b032521b6993e4e09cd739a0555a6973813d892eed3dbe5d307ef415d4a9c7e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
8a0cac04b2f60658333a4d53ea677e13

SHA1
afa2ca0eb5f087857073fca60858e771cc8beec3

SHA256
ec293dd25fb84b2994f170aec221585dea0c468a94800e41a0643f0baa6bfe4e

SHA512
405eaaf2ff0387d9d6d10ebc95d421e9936186429e1572b851499797acb291ba716b941bbda2f8267da004c9e62df18286851c034cc0e22745bb5203f8a9d558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
7bbe33c79f2cbe76f102f01d129f9ff5

SHA1
5eaf97d670cc0871fd882ba51999afc16e520a9a

SHA256
5ca26919adfeb9d6c825bed021f555a7530f9b5687b3e8855950f02b7cbb5d48

SHA512
f32e3ab13e7fbe089d6a2528fb807dd8806e910944ca3c1ed6e5073109c49dc2d90d497220ecd0dd4114af84db8a94cccbb2bf7fac7dd03b96da6691c6bbc816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
f73caa05684aa21918ff807f52f84901

SHA1
6dcf88dc28c352385dffe55979adc32071549e56

SHA256
b0a6c40e6137fbdaba2d3f69f9b047c515d39ed543e50d3e306f639514a809cb

SHA512
08f2ce57fb9d7001ae21189f9d50e730274458495e4fb6e880914e8740538274421227d187e443a036346f1bd4bbc9affb2b8bb4609720719065d2161f62f798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
3fbb689c0d9b0f2f72a2871e052546d6

SHA1
0ade8ef44acb46d2fa68a21828bf68f846af733e

SHA256
1eec7e5ff5589f2b67bc45a6c94f489b8a4e6b54c874be13364c5d7f2feca44a

SHA512
afaa9c7e548e50fdaf0720868d48f310995cd61e6cb05f897a98ab0dc2a2eec45d722a2fd064f37657f20adecba60a2c6cfb2cda6161f8819121ee5787ace724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
9ab80fcaa1909f7d5a7705711e7312d9

SHA1
69268eed4843504daf935d86d7e5cd5b00c26c2e

SHA256
bf4f84cf74841e1a207b841dbcdbacf28e1f1c2f847012b16f353e7d66ccc9ed

SHA512
ad7b72bf1b07d0e9ff8973c3e31348edaaefbcbe919119e94eedb629d9cb706500d9d18fe83f85f043901f50e2743aa4bf0dc0f29a35fe11e762fac9a0800575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
80d10c9e56b8fdc060496e2ed3b2a516

SHA1
0bcbc36550e4cb8c0c6de9ada9ca9ec2668c818b

SHA256
263d79f69e004914dfe58d1b29246abe02c93868aa0112bb177d2ce996442da8

SHA512
28127d934ed8f6d5dff78b1b03f58a4d486759e7ec3b6cefc2f8ca165dba29867b744b39653de79d19b04fd3aa2fab7e42e66542c91bf366009e5cd42fd9aad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
450d54092980504183c3636f8ba9f538

SHA1
09926dcd9490c698ea876e861f686e73566e13e2

SHA256
c4b574102718cc32f66b07084cfefddb9cd27bd9f2cba1cbb6aebcc9e88ecd47

SHA512
c46bc3b216ffcfcb616b78c730cdaac110e6c3b567c37f54a2a4cb06d968a67edbe7c2f01f7325883fc9cd0a386cf08dc37e9dd14575e2df42662df782737d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b172cc71b659c3aaebf10521b5a88564

SHA1
8be2e14be7ff6f8a04bb5b0ac48eb83344ac6362

SHA256
87edc6c0de4897c62e3bcc81076b11d3727542e92a3c582c0e7ca528fc5e3721

SHA512
f062106390974ed4524c1d1f23210203bcc29d5df161aa200c80e6795e0b471638d00f2310ed9195f72db675a943a34753dd5f4af84e643ecf35139effb79fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
582a6adcd746179259aa2ff6f82b987a

SHA1
625f0e04ddd0715fb1c82bd5245156ac7d0cf135

SHA256
1db27399a207f1bb20bf8fc320d7811826e7537b24c7fdb5c8b3a8f943aceb49

SHA512
a4c1d6853cd74f5ea0e49dd9f4d70a0355d57d1304f74f990efb9e854c90fca6e5d42866b8715a6637b26fd95d881faa733992a6741990b641a21faf0f2deaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1384a49c-3070-4b4f-a1e9-21961864f743.tmp

Filesize
5KB

MD5
5e390ca4fc041fea043885ac406c5b03

SHA1
32924675e1347f4b60d95ca71d3446691c833cd7

SHA256
f611fbc20409e2bb29c0c2042edd97606176b5df88caee865cf0aa3ce86ef990

SHA512
4dbb6c6ee8be96caf42bfaf7c1303be21df7c827389c18c677198db8954784a7d4ebc5a075de8c4614efe8e5c330b128b9cb2636584eb600d7cf7042b3f76f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f9457e7a3c0cb730a8529725a53aa121

SHA1
b6c50faa9c4c38270b04793940c9ffe482500c19

SHA256
13a2ece7d3567b9a0017c6d7a3b58a35f037e58650f0be87c4726ee4b5608857

SHA512
6076a9d8bd9ee9b88fae1109a63fa76ee570f06a2ce8c5886b446a2114b6d50d14e1b96890760cc2bb23d4e50c736afddf9580ec14ebe854bde987fd114189eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
8c740bd18d4d89dcd6d46637610c7a04

SHA1
9d95e8e57d4704572a2aa4d542d12a5927b2f561

SHA256
209b99fbf6bdcaa74fa377b3f132076d2d9d8f3c85cc0cf0c75b3b87ba8a2723

SHA512
1785a442c5c6d38b8563b5f17d5a4afbaf900129c5d20cd026390a3f9a5534be1908595e03cc3a633f404e827022234cdf5df1fee083f392fdbb69533322498f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
6237c9feaae4c71a360dc1a5545ca593

SHA1
00f5a557db47a9b1c6ba99e84acba9352a25ecd2

SHA256
fd3b0bc8ca43d2af7bfc13e4254d29c0c5a2bb1c740e52efa3f8b7b79ef873be

SHA512
1f9e874ed940665135f6219d16c11eef3daec605e12cfb8f5103d8c5a1f5e4013a3bd285c23288a74bd099a9be429272ed69bcaf0347a937c7a5babb1327e6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
27d9344de055e50044e074ec3b54231d

SHA1
d07ff356acb90c9d4fa1c1e3e48188b1a2eeaf8d

SHA256
d5c1eb2d4d0a13aa42ee68f03218ae01f420003f64f572b77cbff7d61edff388

SHA512
ad045b2f4e6d58e43de1e26a1d5c0a46d912b65caed68ac4bc07f0c26223c5a9927a74ccc8956e074ee74db6e7b05415f3baa3634a714f3048278982bcddf26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
21KB

MD5
fa23c89e733ae17f31193ecb7b564d2f

SHA1
e5729fe008f1d09890ad1f610f35969dcbc808d2

SHA256
d07a72f7e8f078454889aa10a127a0b0a761f12cf6f8ddb5d7003c08f4a7a9ed

SHA512
b0e34eb088ddd2776ee314ea21390d20ee0a6e7d5e6f58744cbf0fa2c59bd57420b88377ef7da69328aef3a18a5442a7fd203d5e334a235e74e7f12cf7a3e7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
58d022073bd26dcc2028a1b2aaebf7de

SHA1
11d81e17130d1cd032d15b30a318293d07c2e757

SHA256
3d9f61345a71afc1d5f5c60146f75133ab8dc86323581156b58bcf1647554aad

SHA512
e318ecdd38ace021ce7c2532e425b9d512a3526d0acbca5eddf23da52ed894333c2ad6a7382a90e56609ba7fa85fee3def3f15fcb10a3d9fe084bc8222c710c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d07dc3a67fdc3b2_0

Filesize
8KB

MD5
1ffcf4b39c567e565e7284d98d0fde59

SHA1
068dd54f4a72d553827e35405a8a02b1f0e94bf7

SHA256
6f56cc7ad749f2b3ed5d36e42342abeb93cd418151025f01c4b4adf9363a3401

SHA512
2c7e1e5d52512fffee4984e6547ebc5e19bd6a54d295edf8bfdb4ca86ad7212bd12b619847428041bfb366ac6bd03134275466e0d67a81c156376446375bcae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

Filesize
2KB

MD5
7906829770bbc2fbe4d62e2ed72ba62d

SHA1
87064f4b77c14397e05d1e76758a329525eb169a

SHA256
d9cbc17d7aa21df08fdc631c9ce37beebfa49c8de2b14eb9cefb2c8696e12638

SHA512
31f903e360aafb20cb3f25aeadd7d8a98e0145d24cb03ebea9beb0626ee261731508a3604b6a30c6d8bed4e19a7ff904074fe9edde44c5468010a3b1ca5852cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
4ae61bcbd2028b6b29c1b00f359ff03a

SHA1
6a2cec56afde151fa3ad6625ff19092ffef202f0

SHA256
5f5313580b8b915eca6f7e2120eb98d8653f72dc6095ef24e8663894ff402d47

SHA512
b786c9269f0c8b009afdef69d8340ffe850d5306533f6baf09243d7bf84b4cd5b3e90828455ac710b25cd736467bd8418a04b4d4a118c7fab64346498214e903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5600e9520956cce412b33308c1e81ff4

SHA1
a12b33208a5ee2fe54eb296f5ec111fa800f2f66

SHA256
f07bfcbcaa7a1ffa18968169acb9dea7895783023345316dde27c6451d241e14

SHA512
1afa28f15ca83b372c3e8f9e00ff5feff22d23d86e6571ab795066f767034a7c0bc5daf43c4fcfe8ee548341800de1a32b686debe166a611780301ccb59af0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e4761dd0c4ec2c803849feb47b2a6c0a

SHA1
a08fd720e138aad7df54e9759bcb1ccf395858e0

SHA256
d05a7af68b42a243a2627e4fad37e18949ac6dc7e4532c44a7b765f233da782d

SHA512
acd70350d7c41cfb396b3fa9bb8f7dfc9ea889e7887992691a732520e4ba0a50beb58f2fdafa0e55142efd44a8415a47909b14b55ebdee5855229a949bd995df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
add73caf2a1722cf58bf4bc953995ce6

SHA1
1720f056ab782f823641dbf1f65b1957eff8f03a

SHA256
ced4a9ada2f71a3d8532c23f1f4948e123c0a61639b10ed7a5d0b261c7d87520

SHA512
1d776e6a211ac2c712a910dd91a7bdf4e1839f3511ae364f0c7bee94fc81f95b1fa9aec5579c5ac0e16f735d05623e7c9a18bc60bf14a53026cc691433acee45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
72f31064df9c786682dd244b1dc32743

SHA1
8548f61a80da2247f98a981b483bd1367ca6fc49

SHA256
d6d496b4e8acaa9f030274033845ef5edf0ff3971f6360e50fb08e14a16d662c

SHA512
113a062b5e564594d334434230cdb0bb55c826360b2a7f147a1bc157a58a72473aa3902c9cc700ccf4a4abf501c425302502065ecbdf1dde43091bc4654ce962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
ac7761e989f1f057656258ff013cb32b

SHA1
bb2493baa21864b591b6869c510ea32c4976b1cd

SHA256
7c7a18c3925d2db5dece1a40ae52ccd788a1311ec62a36ba1ffb2ade6a955ce3

SHA512
a81c9080c603a4941f6203a58e5d2c2c45724bd1aead1d0996a5c28fd68721f23bf7a3f3f8653aa8f821a2bf735e4d8434f42214095d7a407e1b6ac57d94ea60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
16KB

MD5
e5f21e7221b6addb63a3f8264f273177

SHA1
791222633acfe3f2351ba3e06502e3262298dfb6

SHA256
071ff4cb0a37239c5abb2656c1762a2160099d12e984fa812026e26416a70503

SHA512
bbfb9c17ed39a2d8774cfb284e7bee8768b4710bbe2bbf444809a6279496db655defda79f2b59df9e5ed494173e98cf1304d55df5080ecd38b9e08ebd1f5a50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
8c1bd3142de1565bef9e03e8c00545b3

SHA1
8b0e1f1da72d424453aa52e55d4c093a4a2c1147

SHA256
db99c854e6fcd20f9e18378b220498ef892e715956cf11f013454b3691ae2e5e

SHA512
73c665e821cf0272fc92a75a7c9359a1cc0bf99271f0a3179399d785430cf12415b7d9573581472e7b6d26f2496929b786205ef0c36c363ba66901885e11eb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
aa30a1477beb2f282c4a3393bb6ebb86

SHA1
cd8502e1db85227f31b2c3fdf8061bcda5c45f18

SHA256
70b46ba10de75f2910b170ee2f16db47d82c9e7d4425a1eae31484dbabef09e9

SHA512
e78a543d8eb45c7f5bd2a77d290f0b3e958ccbab21d502a99c644eb8adf789e7c9f8b8f33ea37cd24575f57331e5b14883145b315f8a33ddc5972ff6add89c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
125B

MD5
15ca067e78bd0998df538d1bc09b2423

SHA1
b6b7293315ddd7a297abdebd6669ba02878dc63b

SHA256
7b3f2f2f2b9c21c518eeec36fccb14c73709ce6d8c546150f049ccb27fdbcf7f

SHA512
264ccfee13036834802645b05c2565b99f0e0cbeccf88ff2dd5427f00380d308cd42df2e1c86febf5694e48a6fd7af06e0c4528bf99743dd293deb867e2e1fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6c3a512c1ae6025c4beb21fae5bfb863

SHA1
4a45815b75e918a17e31637e11e93d362d7d1f50

SHA256
9eb91bb00cfb56c114cc4b036c1e8b7d39621dc2371f7b1be0ed1abc4b59bc1e

SHA512
590feaab996b00eea503d1b07f8a05d91c2b75dbd1731b583e69aae0a0d644a06822e841931ab463cf68d3781cdfe877d5de2331a764e69d3a6749b0bcf0ebf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
21ce74bfb195e052abca2572df1b2618

SHA1
77816f31e6d1aa603f40c138127ab6404d3c7ded

SHA256
db0c9dc195e07f12db7a22cefe1c6524cdce1582f273f889fd6cabc6b78e6f69

SHA512
9eb124495a0dcc90d3ba1cf46969b93c4ce15d4cf2f2281cd5040f5d5af3a3798236ab3ebf71990067c21ff39a169d5be06980a075ac88b17bee63e1274913da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
881e10114522213541629f01b5b6017c

SHA1
0a726b1ff2382940d377573a6cf3b675d27c07c3

SHA256
1001e6d6f6db9df1668fcd4ab557bc66a52d10c5f672e3432539ef52d7b26ed0

SHA512
c52934601755f39e1227596b6d71e7675331aec8e9f5883254e9a7c1c28778a855b352230e6e7ec113547caff54faaf51973b9810636d73e7e05640ace5b25b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
ae099ec4e863bf70188e0c20247a99b4

SHA1
ab37ceac20b2954e4567105fdd9351633724c3b9

SHA256
31645a9d28d31205dddedad6418f0935cce1db64cfda039b6c2970add144585e

SHA512
3b40967a43207ebe10f967ac5a3323aac62264e10ef0dc2c084b543b0917d4a603fef9755a8929fd54bb08f5b80c6a21a89e088c477836ad0219c933e4f3a402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aa748cccf59d8ce50b3c9962336a016e

SHA1
cea54e6c7d3e32ef4303b4cc3cbd81150e4b222b

SHA256
132ff7d3eb9aa99c226ef41eb9c3ee4478877276505596339eb23f76ac196003

SHA512
b94f87d87c85497057703d7d3aa10bade5b3b86f751acaee8745688fa0ad396ef76d5a824d4d5de363ac4848b25334d22e8c032880c2c12aa7258bbd2f1249b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2eb8c5453820fa6215cf7eb375734455

SHA1
b509d29003a1064b2b2f5e94f8cf28dce7b8c1d3

SHA256
0e1064bfcffd77f4ae7e340aa7ea78030bf20c4975174a0e246b3ef715c53d7c

SHA512
96ad4b9b071beb47a8618c5b523da1cb3776f80b9a95f22bc552032ea55854cfdb3ec9c21b37d3135175db0c8e53a44257b69f715c828f3a821b0d480b88b5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c24e9486f77f85c83085c82f03c3046

SHA1
fd957726bbf511fc8dcbdd08fa48ae60db441bbd

SHA256
b2261ecc678898837166a1cca0889ea4ea7691149f0b2510885d9a54c7dc7dc7

SHA512
d50677b2e2ba11597442114ff79ecc21bbeb879926bfc50afd1e817a7503b1b9c8b127a2a4c7bf16e63fa3e085a8402108061c1b9fcb9edd9caffa89439966fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e9b65b10b05c5a048b0620533b853cd9

SHA1
3de61c44c0f9797e16a532de81e20917b5427a23

SHA256
36767425a24cc6c6d8cd9564b3bc65be14a1c06fb8bf4da60dd6aac03830d5f1

SHA512
522c0cb3f44ef16a24c879b756cd517b508e8680fc62cb1f9ecab2f3a4c941dcde024041acbcb1e1e281ca3ff14b49c0a8e40721bec4db40036572a1988e62e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45f2d491d6e050294114d99736d57e6d

SHA1
5473c3a27c42ec444c4e8522cc3e64ef6eee7059

SHA256
108d3777a45f785f41e703f78cbdf04abcbc7604136f9c875820287f7198ecfb

SHA512
fef9a6c5b9a14a30d8069361c09c00eaaec8bc14b271f097151689da4dda322051ca857d03dd12cd624f09289d82cc664a84ccfe546ef25da53d0563a858b21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0c8dcddbf92b6dfe94db5de407aaa43

SHA1
8f3b3dea2800aac4b57e77a1928eaaa21c251f9f

SHA256
580573644e52867dd4187f90ab16e2bbceaa46ac5ad3bc6d23925d2984098a46

SHA512
4170e94622e16b6d7549dca9a0d733214d95887f608cf8352e5e57b565abc1ae4131590acce7871a8c38865ea2505493adf53f0b9696558f7bdc00f9127f9d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
64cfd105f8c0c7612eb3f7895e12896a

SHA1
c896fb7a5d82594422ce1e3b59f29ed07a4dc26e

SHA256
1d12895f1b4d800502049f7343b7221581d02a05c2f8fe67086ebf5fcaa16495

SHA512
e288c8f2b7fbf73bbcdce77cfd482eb9646b92afde48ccde6ce51a60a22801419cfd8a0b32cddec3dc453a8f8be811e0327cd8db4059cadf277267caac2a3fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f418fc987ed03d27409630caa0ded70

SHA1
f9c23f86ac429872bff353c10df23e0e9591e6bd

SHA256
56ce1d856bd212983c1b0e789e80ea917f1f0286b9fb02d902953e10be1368bb

SHA512
e6dedc401c8e6627d46bff303b51691c5d3bfae2be07b6fb1fec154d6704be04c9efdfa79bd1ab384cb57b35d7215c52f105f06bdc257a8557c91098e122d5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
dd9b7889fefea3fa0baa062668dadf56

SHA1
f26b0d5076f54f7eb635dce27665cb2766ce4943

SHA256
2f076e460771b323e6f49d97eac9727424dc2d684b61dcc6c01a99fba5e530bf

SHA512
1c2eb51a621e25123f65dafccaf662d4153ba10b6ebcdc7ce3466dc082c18a72b33353c6ba3db7fc0cbbf53a14f0d695e853962d957efecfb2c65d220dd1bb5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
538B

MD5
9992635071515e191772747f00491e07

SHA1
ef30e255dc5fff102b8f64ced204de3e26a9e2a9

SHA256
1a14af865e57043a039ada7cba56837b84a117ceffeb2e33f856bc3757651759

SHA512
76bd000bbf87299bb7373e6048fda5d5453bd365de1d30027e2796bed4d28b13678127e1e097d49cff66bc8b4dbe90fd65e35fbe067bb92c0ef59ed9f12000bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
b3e8e2e25347301f567b1e2fb8e35f43

SHA1
a622eaf35521995d300b4f2696a74504818f05e6

SHA256
99366a08d6a8a4e2798570d5eb0f9aff6af73ccf159a80caa5986bb3f882bdf8

SHA512
0675c92ff94dcbde5f3a6f726a6923b1f7b23e481287bbe1e51044586e65e796f13f48b2e1660273d2b3a78ae7c43d36a51a3bb49c197e2fbab6928683a2c12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13378154350137621

Filesize
7KB

MD5
32be9aa37775ff35610a829e7250c4f8

SHA1
ff2a22097566211a67b463a0e75f644f2944645b

SHA256
d35509903d19b9dd41a39011e6be0da723944b134e63787eecc7b72727dd8e04

SHA512
8221fb034e46d1f34e90c0cca744c7eb048487d7c968b8922de82d5320d35bda48bbfa8f8c5c0e606077f7456dd4a7b7f5e9bf789f542efa8b9e4b38a8c27595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378154350334621

Filesize
2KB

MD5
e8ff41f2909fcbe9dade29af2097113f

SHA1
365986aa99b0e64f3830bc54b02b7fa930eed3ff

SHA256
163af376c361521c0be253211babd146bf63630039f951950568dccae0506be1

SHA512
7fd347b8b15f9c04ed7cee3a203e0fd254179d69ddaff030fab9022a920e7b4acc38d63705b8f65f9c8a696a0157d9d58259b6368316b33aae959b36eb7d4628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
709389acdc55001d3b2ae04a2061f0be

SHA1
e7bbb8deb97a12f534158020a931819a279a64e9

SHA256
c5ca6031a8a568d043184132b6eb85d02a6a9da553072ae1f4a79f265a7928e1

SHA512
e07f0fd411d3214f078dcbac750554bf30aae795d67fa1b3cf3ae0730cb0e5a525358241e541478590203b66c06ddb3c0a63e2265d852f308a0ba79ed2c20331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
2964d84610c17e437644f5364ac25b57

SHA1
322bc79da73bd498d57ebc2bea712eeeb5d89848

SHA256
06fa15d872f667cddf32e12a8d784e69e1606ecd1041adcded1dd2f2a823d8f3

SHA512
d94c2a5ef8b11c227897b937fc349dad0acde4b6a07d7a3fba82e2437b3a816e82482ada3f86ee0a401a6b834af16032860df9af4150823709b6b2e39c056247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
83a37dfb09cdad7f8dfec96d991a6ed0

SHA1
9bb7d4c97d84e3b2b334867e1d415b6d8c689bef

SHA256
f8542207172bac144c349798b3f5f7e92a4c24c13a6de26ac331e373ec710fc5

SHA512
2bada0c694751dbd385afc0ceb786529c0e4762cbb262a5270ec62cde5bd1b3055d734b49e09d1c44ca17a2d78dec4bbb3e9c82eb0c165f5dc42951effc9274e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ec6f89bc5bc093561c0f3818921be2a

SHA1
d9f09273d5ec8759b66d8211d5416a924cf6137a

SHA256
60341b309d1b4608cca0de982026cb19348ff4f3f1980b31254fe8f4f48ce593

SHA512
63da8e92afa52431fbdb29796d17fd2add19c4d576867d7ab9d0ef4972ec4928d9dbb03f043cab1cc48768bb2c6d1d200d38232d6ea3a8116fe5ab9bec57944c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
123abdbb88c64fd3fd44df0b7a3a0fb8

SHA1
55b2b1082130fa54c8faf255acf58a05b2270657

SHA256
81e3c8b6605fad611ab431ae4fbeefa5755b11d2f555a501ce7cc55aee573e55

SHA512
648d25a67a688e19acd36044678868542ca136664a36814fb2e568b4f7f8d21c357f8c8062b8ba243dbef585d0df2c7d0bd5dc400a62b14e27df6a1caff32479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
178761c19c60efb58eee5032094b29c0

SHA1
02c5347db084193008055038e4d8b141a7d5e419

SHA256
22e198b65355137d1ffcdd4c0e19e197cd5dcbbb50792fd76a45447ae0f99a6a

SHA512
c172c7aee10b13f5742ea5868504759685c070b53daa56ff77b82354525d5bdb2d6cee75ea9bbe6337ff8f67175b4bcbfdf4132d0a03cff1379659fe6fa50aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fe11939d0b4d136f95e68ff8d3314f08

SHA1
9fb62b857f925a466ae000f0b80375f237a67942

SHA256
c1990596278af24112d3462c40e9f24d6cfe8ce78837a6e2f79bcb9e14e2e269

SHA512
3ba138414d4511c2984eeed26d3750b78a8583e167382a5ff0a336282d1f309b1719c33b07a7ed4576185b3a6408f17bdfcd80ae850d86948b3b8e7c60dd54f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6b9f351d29148fb1edf102bcf7cf3174

SHA1
ac50d98d4020e295e8e05e493f35b2b533a5f900

SHA256
81090834fc2279f1d8bc38861dd3cf9a008ecaf87c7ff0554745ab9d24e4917c

SHA512
325c274e7fe7ac207f7ea4bd524be87bf9a1cbedeb151ce76c0ec8ea9d570ed783a9ebadc07e244ff134b674607d65e9c37b9db665dbd51c3c8b6917eb0c4461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597bfc.TMP

Filesize
538B

MD5
9ad7ce8fa780b6ba290a5206ee7f79fd

SHA1
9673a0a01f9e68300d08bc6823f6f0b6af90a641

SHA256
5d94c39fccc91bc92f1e6f62239dc8ef9043aa1f63c5fd9f0329f1757f3bfb9b

SHA512
bb6edc4025a602c64f551c7f849590fab6d47a18667c8f1b09d305709b84f82484e8753193e218d236b5c2ef940017b808fc7dff91066960f9470ac324ca55fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
97316883b79de7c1346204d7ab9af2e2

SHA1
f750d1a821f6d4a6d040a343dec8ec6afa78a3b9

SHA256
8a14d7879c2a5fa132b6f7b6bee44346a4b62af3392945254ccb4c02fe4e2917

SHA512
cd533d0a52c4999f9931861e7a7131950da1aecc9312177ba28e7d36d54997c8c2406bf40470d19ebe5f4eb80bc32ed6a8af48665f527c8ff870d915f8bfd337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
2c29666c462f3b3f58fe5fc514e0f093

SHA1
efe1ab2d6dec0aa5072927d92be0b388bd15fef6

SHA256
9314c23281a7999d9120fc29ea891d37ad977decdfeb822ddc09245180859216

SHA512
b730ebeffbbf5f971f84a43eb19444c372d6abb1ca0620d22cdf892f9b3a8b28008222fec23b644248c035a59c991e94729542e50fa9a6730d0a02b3ab5245b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
d12f31c89d10df3970af92045551aa6b

SHA1
38e13037ec0a663dff9769587076bc0683104468

SHA256
d2daeaa12700577fa7cab24aa65755a31c2b157fd1b22d3c8232867a6149abff

SHA512
0ecc65cea8a5cdaff86277fc4ef315f2c788fc15d0cbdd5dfd8870230daf0bad72c7f9e0d254d0e59a33a107940816b055fedfebaea4fa9a5cac1083d6ff3143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
1b7e3438db74a9caf0c755c4c26e1938

SHA1
fedb67c7f146264b5527220b796ccea054c39f51

SHA256
54b24d55c6d387dc5f9bb2e2973bbd12ef40cb1a04e67431bb9fcf7460330202

SHA512
1e38712d809cd2f8507085e48b9b45c8345f439cc8cf1fd3482bd3cf8570898150c2fbf356dd80a9b9c795c6ae4ff7ccbce8044b3a45f3916b796294c994006c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
429d7f97a3b1386354c88089c7c60a8b

SHA1
d85317024df809adee101094528250995b5efd2d

SHA256
368c9f4cf20b5e96f7db8b4863b4e34105235ec7d718e55de0d99612027afc6e

SHA512
dc70c779de64d8df8d19c2d6545695217c06faee3b86e4254a052249e76d7d64f118b14a7edb6f162a681ff78bff3c7e8267fe02132b9d46d0c14dc6e3177ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c822c3bb626da2b7eb099c8b7230a9ee

SHA1
5a2e665b22ec21875b709601368636956d819ea9

SHA256
5cde9d3a5cd8de2e39b414820be3d7124282c69d93720219f7946e1447e84dc7

SHA512
42405895f1def9d379f2b74b0c2dcb91aba6f4332f052c4afc481dc985a5fb24890241d57b53efd34f029720f096abacf4ee082e48b19d85cda20b1bec9db66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
f1b94aa57d12418f4ae0694e833e8624

SHA1
4c1e99b127cd18511151f12a6ccbbaac0eaf9235

SHA256
ce8a4404e953b6ed2f9e788dc49357ce2aaf4c382f504a249a84ee20dbac8275

SHA512
80dd2a25fd2add9cb735e407cae863b5fb619b64e84cfe4f9b557683bd10c28c2e66aef2f59ed6417d0c994c6faa3516f28bf639b23004aabd174ad3b365adea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
05d2c22e9fccd289a82a30d00e36450e

SHA1
2d0eec198d9c1bff9f6e1d66ea09b50d63fd2ae6

SHA256
793ee5893d027864cab260703bc6213119c39d127036595e308de1c22242f0a6

SHA512
1775602cdf3eb46e702add0bc3e32920979d7be342b9c95a957478048f71dd042c9e959fe0c0404f73b5ad2fceef772900adccfb65972421d8eb24d085e74e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a504cb3b19c3ebcb355824dea93f1001

SHA1
eed06fca2ad7a06a18b8c1a79d3e1c87a2025946

SHA256
72cc96ce5e557871eb821daee8365737d49e2626d88355d2f613a159fc1c76c2

SHA512
7fb505ef0473d4bfea0830d1eb6e01af6a2b9e8718bd6bcd833e3a5e1e787a8377819ff1db13112e3fd148d4afd51fad9396b13ec4cfe80c554dec4aa623c6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fd01459654d897f0860a877f45e4981b

SHA1
22092ec5a099457a6ff60f2706bf9820e560b584

SHA256
563f96e6734eb7178cac3aa931059949267a874a9b6bb5838881976bc7186cb8

SHA512
8ce14ef4e4ced77fa53efc739e532a161faa89a4a536d7dac1682419b4764601bf524c9f65339ad1d85273bd130646432075a573e5a16fd1fafdcadd8da56d8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf303651ce1b943f567c33f9be6889e2

SHA1
377d9968bcf28f530df32e97e392ca9eba5a29f9

SHA256
6250d4ae22ce1315bb561379da2cefa324b022908d5f6d9c4ca38bd2d5f8b7a3

SHA512
1d602c29bebfb7c408e93cd0c45ef51d01c8ab38c7f3a2b598b552ef16c6c5ff7c9767e4f022a651467905e63c955a5e30b309d314443e7f7584e401965fc3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6b71ac6967f6e41b8a83df5454d04af4

SHA1
c9c64391ce14ecc2288f10efef3b3c1d3c798d37

SHA256
0a1d2b7c96e55214d3af92cb82f7aceefc0b1873b447a75ebe506d678656e96f

SHA512
86f4240b330c1db9c1b28bd260071755eae073a6bed5b1967bbd43bff00686b018ba6ec86454b63d96c37a239837cedda5bcd12fb9642f8141c31c3aa5061734

Download Submit
C:\Users\Admin\AppData\Local\Temp\1aafd489-e0fc-4bde-a8d7-1106ff8da154.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2608_1411072943\1fa8c02c-daa8-400f-9ff7-ec0b004839cc.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2608_1411072943\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
6.4MB

MD5
31ad1e750deed7e99b62a753be6fe090

SHA1
f31d44f3930072256452af766e379d80346b9281

SHA256
2199c8ad452c4a6ac99edf541cddabd9a2d8f258ef15acd7250633e97f086eaf

SHA512
752f168d1a085146c2c9a692a4bbfca6f9ab8dffc7f3064113695279811f31b7925c6def470a40f30e767579eb196aa29f4ec0f39520a6f315878725c3a345da

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
72B

MD5
7a3a9b9331a1e1c395a129de360ae593

SHA1
3219d13c33a26a0e4de20a1f0d95e9efeff83325

SHA256
073fba80b868add0ada99c62ce0bcead48edad12ee5a2b09951bdfd63eae6897

SHA512
06c3a0fe5f636dc2e0cd7c71f485474ccba31c6d2a3eeaaedf771d8ffcad4d8c410b4ad917456dd3f430e90380eb0335fb6d17074dd3c303c4a8d4077c5a666e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 422338.crdownload

Filesize
3.3MB

MD5
3c7861d067e5409eae5c08fd28a5bea2

SHA1
44e4b61278544a6a7b8094a0615d3339a8e75259

SHA256
07ecdced8cf2436c0bc886ee1e49ee4b8880a228aa173220103f35c535305635

SHA512
c2968e30212707acf8a146b25bb29c9f5d779792df88582b03431a0034dc82599f58d61fc9494324cc06873e5943f8c29bffd0272ca682d13c0bb10482d79fc5

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
memory/5672-2026-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/6052-3697-0x0000000073DE0000-0x0000000073FFC000-memory.dmp

Filesize
2.1MB

Download
memory/6052-3569-0x0000000073DE0000-0x0000000073FFC000-memory.dmp

Filesize
2.1MB

Download
memory/6052-3691-0x0000000000730000-0x0000000000A2E000-memory.dmp

Filesize
3.0MB

Download
memory/6052-3556-0x0000000074080000-0x0000000074102000-memory.dmp

Filesize
520KB

Download
memory/6052-3684-0x0000000000730000-0x0000000000A2E000-memory.dmp

Filesize
3.0MB

Download
memory/6052-3775-0x0000000000730000-0x0000000000A2E000-memory.dmp

Filesize
3.0MB

Download
memory/6052-3763-0x0000000000730000-0x0000000000A2E000-memory.dmp

Filesize
3.0MB

Download
memory/6052-3559-0x0000000074110000-0x0000000074132000-memory.dmp

Filesize
136KB

Download
memory/6052-3560-0x0000000000730000-0x0000000000A2E000-memory.dmp

Filesize
3.0MB

Download
memory/6052-3558-0x0000000074140000-0x00000000741C2000-memory.dmp

Filesize
520KB

Download
memory/6052-3557-0x0000000073DE0000-0x0000000073FFC000-memory.dmp

Filesize
2.1MB

Download
memory/6052-3699-0x0000000000730000-0x0000000000A2E000-memory.dmp

Filesize
3.0MB

Download
memory/6052-3755-0x0000000000730000-0x0000000000A2E000-memory.dmp

Filesize
3.0MB

Download
memory/6052-3746-0x0000000000730000-0x0000000000A2E000-memory.dmp

Filesize
3.0MB

Download
memory/6052-3568-0x0000000074000000-0x0000000074077000-memory.dmp

Filesize
476KB

Download
memory/6052-3565-0x0000000074140000-0x00000000741C2000-memory.dmp

Filesize
520KB

Download
memory/6052-3564-0x00000000741D0000-0x00000000741EC000-memory.dmp

Filesize
112KB

Download
memory/6052-3563-0x0000000000730000-0x0000000000A2E000-memory.dmp

Filesize
3.0MB

Download
memory/6052-3566-0x0000000074110000-0x0000000074132000-memory.dmp

Filesize
136KB

Download
memory/6052-3567-0x0000000074080000-0x0000000074102000-memory.dmp

Filesize
520KB

Download
memory/6052-3705-0x0000000073DE0000-0x0000000073FFC000-memory.dmp

Filesize
2.1MB

Download