mimikatz | hxxps://github[.]com/UIM-SEC/ransomware-samples/blob/master/katyusha[.]zip

Analysis

max time kernel
455s
max time network
457s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
12-12-2024 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/UIM-SEC/ransomware-samples/blob/master/katyusha.zip

Score

10^/10

mimikatz wannacry defense_evasion discovery execution impact persistence phishing ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz
Mimikatz family
mimikatz
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Renames multiple (3117) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
behavioral1/memory/2184-1696-0x0000000140000000-0x0000000140106000-memory.dmp	mimikatz

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops startup file 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDE6D5.tmp	WannaCry (1).EXE

Executes dropped EXE 23 IoCs

pid	Process
5016	winzip76-bing.exe
4716	winzip76-bing.exe
3056	winrar-x64-710b2.exe
1028	winrar-x64-710b2.exe
1976	winrar-x64-701.exe
5432	ansom.exe
5616	zkts.exe
2184	m64.exe
6024	ktsi.exe
3924	WannaCry (1).EXE
5208	taskdl.exe
5708	@[email protected]
6548	@[email protected]
5928	taskhsvc.exe
6148	taskdl.exe
5316	taskse.exe
6784	@[email protected]
5960	taskdl.exe
6404	taskse.exe
5264	@[email protected]
5656	taskse.exe
1516	@[email protected]
3432	taskdl.exe

Loads dropped DLL 8 IoCs

pid	Process
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2516	icacls.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mhxddduoei124 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	ktsi.exe
File opened (read-only)	\??\K:	ktsi.exe
File opened (read-only)	\??\R:	ktsi.exe
File opened (read-only)	\??\Y:	ktsi.exe
File opened (read-only)	\??\H:	ktsi.exe
File opened (read-only)	\??\L:	ktsi.exe
File opened (read-only)	\??\Q:	ktsi.exe
File opened (read-only)	\??\T:	ktsi.exe
File opened (read-only)	\??\W:	ktsi.exe
File opened (read-only)	\??\E:	ktsi.exe
File opened (read-only)	\??\N:	ktsi.exe
File opened (read-only)	\??\P:	ktsi.exe
File opened (read-only)	\??\U:	ktsi.exe
File opened (read-only)	\??\X:	ktsi.exe
File opened (read-only)	\??\Z:	ktsi.exe
File opened (read-only)	\??\M:	ktsi.exe
File opened (read-only)	\??\I:	ktsi.exe
File opened (read-only)	\??\O:	ktsi.exe
File opened (read-only)	\??\S:	ktsi.exe
File opened (read-only)	\??\V:	ktsi.exe
File opened (read-only)	\??\G:	ktsi.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
1698	raw.githubusercontent.com
2107	raw.githubusercontent.com
4998	camo.githubusercontent.com
4998	raw.githubusercontent.com
2	raw.githubusercontent.com
22	raw.githubusercontent.com
23	raw.githubusercontent.com
24	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry (1).EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\wordEtw.man.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-125_contrast-white.png.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White.png.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CalibriLI.ttf.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Java\jre-1.8\lib\plugin.jar.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\WinRTUtils.winmd.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.boot.tree.dat.katyusha	ktsi.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsNotepad_10.2102.13.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\NotepadLargeTile.scale-125.png.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\SnipSketchSmallTile.scale-125.png.katyusha	ktsi.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.katyusha	ktsi.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\contrast-black\CameraSplashScreen.scale-200.png.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\CameraAppList.scale-125.png.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.katyusha	ktsi.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.katyusha	ktsi.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\TipsSmallTile.scale-200_contrast-black.png.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-32_altform-lightunplated.png.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	ktsi.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\SnipSketchWideTile.scale-125.png.katyusha	ktsi.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.katyusha	ktsi.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.katyusha	ktsi.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSJHBD.TTC.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.altform-unplated_targetsize-48.png.katyusha	ktsi.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\rt.jar.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.tree.dat.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE.katyusha	ktsi.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Paint_10.2104.17.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PaintMedTile.scale-125.png.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.katyusha	ktsi.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.katyusha	ktsi.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 6 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winzip76-bing.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-710b2.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ansom.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry (1).EXE:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1672	4716	WerFault.exe	123

System Location Discovery: System Language Discovery 1 TTPs 61 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTEPAD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ktsi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	zkts.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-bing.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-bing.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry (1).EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Interacts with shadow copies 3 TTPs 2 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
6956	vssadmin.exe
7128	vssadmin.exe

Kills process with taskkill 14 IoCs

evasion

pid	Process
6568	taskkill.exe
6792	taskkill.exe
1880	taskkill.exe
6276	taskkill.exe
6416	taskkill.exe
6512	taskkill.exe
6856	taskkill.exe
6744	taskkill.exe
6220	taskkill.exe
6368	taskkill.exe
6640	taskkill.exe
6696	taskkill.exe
6324	taskkill.exe
6468	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31149324"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3314996348"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133785049631265205"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "5"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3432	reg.exe

NTFS ADS 16 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Matsnu.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\katyusha.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\winzip76-bing.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\e5c96aa\winzip76-bing.exe\:SmartScreen:$DATA	winzip76-bing.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ansom.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .com_:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Petya.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 825415.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\e5c96aa\winzip76-bing.exe\:Zone.Identifier:$DATA	winzip76-bing.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 438646.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-710b2.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 300053.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry (1).EXE:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\katyusha (1).zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
6876	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 58 IoCs

pid	Process
1908	chrome.exe
1908	chrome.exe
1756	msedge.exe
1756	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
4920	msedge.exe
4920	msedge.exe
1108	identity_helper.exe
1108	identity_helper.exe
3836	msedge.exe
3836	msedge.exe
584	msedge.exe
584	msedge.exe
3340	msedge.exe
3340	msedge.exe
1580	msedge.exe
1580	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
6004	msedge.exe
6004	msedge.exe
1796	msedge.exe
1796	msedge.exe
2184	m64.exe
2184	m64.exe
2184	m64.exe
2184	m64.exe
2184	m64.exe
2184	m64.exe
2184	m64.exe
6000	msedge.exe
6000	msedge.exe
2428	msedge.exe
2428	msedge.exe
3972	msedge.exe
3972	msedge.exe
5424	msedge.exe
5424	msedge.exe
3228	msedge.exe
3228	msedge.exe
5244	msedge.exe
5244	msedge.exe
2904	msedge.exe
2904	msedge.exe
5528	msedge.exe
5528	msedge.exe
4200	msedge.exe
4200	msedge.exe
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe
5928	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6784	@[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
5016	winzip76-bing.exe
4716	winzip76-bing.exe
3056	winrar-x64-710b2.exe
3056	winrar-x64-710b2.exe
3056	winrar-x64-710b2.exe
1028	winrar-x64-710b2.exe
1028	winrar-x64-710b2.exe
1028	winrar-x64-710b2.exe
1976	winrar-x64-701.exe
1976	winrar-x64-701.exe
1976	winrar-x64-701.exe
1580	msedge.exe
6004	msedge.exe
2428	msedge.exe
3972	msedge.exe
5244	msedge.exe
2904	msedge.exe
5708	@[email protected]
5708	@[email protected]
6548	@[email protected]
6548	@[email protected]
6784	@[email protected]
6784	@[email protected]
5264	@[email protected]
1516	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1972	1908	chrome.exe	77
PID 1908 wrote to memory of 1972	1908	chrome.exe	77
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 4056	1908	chrome.exe	78
PID 1908 wrote to memory of 1308	1908	chrome.exe	79
PID 1908 wrote to memory of 1308	1908	chrome.exe	79
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80
PID 1908 wrote to memory of 1868	1908	chrome.exe	80

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5580	attrib.exe
5312	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/UIM-SEC/ransomware-samples/blob/master/katyusha.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5203cc40,0x7ffe5203cc4c,0x7ffe5203cc58
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4640,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3084,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3212 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4904,i,16078782116101529773,11248276329361156944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2012

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x50,0x10c,0x7ffe3e093cb8,0x7ffe3e093cc8,0x7ffe3e093cd8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7260 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Users\Admin\Downloads\winzip76-bing.exe
  "C:\Users\Admin\Downloads\winzip76-bing.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:5016
- - C:\Users\Admin\AppData\Local\Temp\e5c96aa\winzip76-bing.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip76-bing.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 2076
      4⤵
      Program crash
      PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7740 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:584
- C:\Users\Admin\Downloads\winrar-x64-710b2.exe
  "C:\Users\Admin\Downloads\winrar-x64-710b2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7972 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8844 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:6412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
  2⤵
  PID:6736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7388 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9032 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:6580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8180 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:6392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:7084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:6580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8184 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8956 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:6912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,15387130422444300609,9150213007811821459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:6864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4716 -ip 4716
1⤵
PID:1708

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\56d391ecde634642986deb396e7bcfc0 /t 3564 /p 3056
1⤵
PID:3964

C:\Users\Admin\Downloads\winrar-x64-710b2.exe
"C:\Users\Admin\Downloads\winrar-x64-710b2.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\Downloads\ansom.exe
"C:\Users\Admin\Downloads\ansom.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5432
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:/windows/temp/zkts.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5588
- - \??\c:\windows\temp\zkts.exe
    c:/windows/temp/zkts.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5616
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:/windows/temp/m64.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3832
- - \??\c:\windows\temp\m64.exe
    c:/windows/temp/m64.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2184
- C:\Windows\temp\ktsi.exe
  "C:\Windows\temp\ktsi.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:6024
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM mysqld.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM mysqld.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:1880
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM httpd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM httpd.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM sqlservr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM sqlservr.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6276
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM sqlwriter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM sqlwriter.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6324
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM w3wp.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6352
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM w3wp.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6368
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM sqlagent.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6400
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM sqlagent.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6416
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM fdhost.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6452
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM fdhost.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6468
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM fdlauncher.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6500
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM fdlauncher.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6512
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM reportingservicesservice.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM reportingservicesservice.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6568
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM omtsreco.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM omtsreco.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6640
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM tnslsnr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6672
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM tnslsnr.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM oracle.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6728
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM oracle.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM emagent.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM emagent.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6792
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /F /IM mysqld-nt.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6836
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM mysqld-nt.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:6856
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c vssadmin delete shadows /all /quiet&vssadmin delete shadows /all /quiet
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c vssadmin delete shadows /all /quiet&vssadmin delete shadows /all /quiet
    3⤵
    PID:6936
  - - C:\Windows\system32\vssadmin.exe
      vssadmin delete shadows /all /quiet
      4⤵
      Interacts with shadow copies
      PID:6956
  - - C:\Windows\system32\vssadmin.exe
      vssadmin delete shadows /all /quiet
      4⤵
      Interacts with shadow copies
      PID:7128
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\_how_to_decrypt_you_files.txt
    3⤵
    - System Location Discovery: System Language Discovery
    - Opens file in notepad (likely ransom note)
    PID:6876
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" c:/ProgramData/_how_to_decrypt_you_files.txt
    3⤵
    - Modifies Internet Explorer settings
    PID:4284

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:6996

C:\Users\Admin\Downloads\WannaCry (1).EXE
"C:\Users\Admin\Downloads\WannaCry (1).EXE"
1⤵
- Drops startup file
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:3924
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5580
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:2516
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5208
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 76351734031707.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5764
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6056
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5312
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5708
- - C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5928
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6136
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6548
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:1196
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6148
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5316
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6784
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mhxddduoei124" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3916
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mhxddduoei124" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:3432
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5960
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6404
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5264
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5656
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1516
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.katyusha

Filesize
160B

MD5
ff726cf3e2f6497c91c69bc280485183

SHA1
337c8093a125f4c731d9c073e96ce048171af95d

SHA256
fbe5667f17b87439aacf9c451ef2c0a40c05e77feae8de9e8298c10f46447197

SHA512
d776e6da4eac4ba7734e6e9c67972c363a53419c9e4990da04267f489d78d0be264454e7e3051b2639a30ee003ad51548fd85b687c20ce3c16bc7627c96f281e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.katyusha

Filesize
128B

MD5
6689f98e5c8e575dfeddf15e3115acc3

SHA1
34cb3254a785cf88f28585d5b8ad7265b877c8dc

SHA256
55086527785268a516953751f78dc3900ff2ea21b5fbf960177bcdab989065fc

SHA512
2f9c208d178c71bf344fa0b2145ff4fe6cc42b46ae1a2ca40eac2fec393978012d5c6d638756befc7c57b99a2fd0e8f4bc33cc85f9db90d812492c145d9da8f4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.katyusha

Filesize
128B

MD5
2fb9a2d282739e5688603f3d3228b783

SHA1
ee9d9fed5659e9db9beacb1ed11004660b4ace98

SHA256
118d7ca4f0ab03d8fc4846d2b2f39d79d06876774aedc1cee95da12c122426bb

SHA512
5f75590e3b0804002497477c45f2b045b1161281ef95174ab85cdf5b51911cf5eb6f29a21fa54c97192205d3618bfd40df031fc37b0d55d8b7e1a50c4a38a79f

Download Submit
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.katyusha

Filesize
831KB

MD5
daf3236d760d0624ae4a010196c1a34b

SHA1
7dfe5d3c296ee7a5061f7363333ca390ff576a32

SHA256
723e4e67abe768dd28e8cc7069656bb3e5a9ac3c0f7bec8422256102f82a479a

SHA512
38ea7ed17038748d62d30745dd2181389cb0278eb778e55171f419d6d288e798f2dd66323bd8ef09ad43ad29668a8b754cb8da0e8a917eec671a4d2c8088519a

Download Submit
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
585B

MD5
3e03b349936a3555571ef026b5bd67b9

SHA1
0a946619daa79572229d01fc833d3b2678ca2456

SHA256
49fb0175498315675248687f9c167511948180a7e86fe09d9e2845a9e56464f1

SHA512
57af4757386ab833126d7cfbb78e3443ef5fef5c656525b1bffceac3889193d640a023745a5cfe016d84074f5386a5c7bbb3f18b6ac76661ecb3f055176697b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bfe8541d14b0a31b6c5e9025dda70234

SHA1
490375c0a34c7e43d8a246a6dd74d05aa91d8407

SHA256
7838e24f56ee093094db21b1849c2b5f3a0cb96d7433e3bd88f73cc3149b52c9

SHA512
a0ccb10964a9638a8d1e47680d12bdfed1264687744174d537d6255b4618cf1549c3796e00b11677e9de1590cd4651880eb8ce0ea2f6a137aaee2ee5df8a9f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
2.4MB

MD5
9aabf4feabf55fae6a8bf14975a07243

SHA1
4fa62a68f1b782ef67c3f71d054b0023f14ce1d5

SHA256
1e338478f9eaab0a6a85095f787e5a75369a0237520382bae178c46a68720081

SHA512
f076ed1e35974d7f001b99e506b3f9babc88be5e9e3c52668227c429933068635a3c4f2650c58cb3166139db50da20d244a32b72775bee8763d8e6f000a068ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb00883fc3d6344ab111f713b8067e11

SHA1
af7b6038c10cf77b201b92d854428fb17445e657

SHA256
a2b77b521da7e77028ba3f24facd1aac73907b89c2675e9a1dfbf34f205f5a65

SHA512
bf48b370956587cc1bbd33a42ac6e26a00f30b2426b9b906cd4659b5da934a49d3916e3142d0dd1bf5d84b085dd0e8c41c58419c47b21143bf7672ca7e865dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1286ff19c5fd2488977fc72cff988d6f

SHA1
3ffc2e29c41ab8738e6c89c904cf0232d522656c

SHA256
47a3054ca9d1358bb483e8c7280974e7c4216346e2ca4d9dc436c4d33cf273ef

SHA512
945a3288617986c259355d1347c47b83b38a6f2b095d916095e41d545a4c0d4cc5d2ac64ec5ca8f988b918100c75e10f63621441f44471f7dd19cdb00347f340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
40c8396c0e398cdcef4f7970e2b51487

SHA1
408700654d781c6b86febaca45da7778cb500cab

SHA256
6512e60db701235011e44d7646255028b10946aab4417d8be2a0d093b6d15052

SHA512
cd230ac03c8ca8ef08d632e02b2cb3afba28a7aa14bc3fd619557e9ed07da50c366b1aa23bb7f85a5f6a9de398ecfa309e7adab39f5f56aef23cbfa3de4b16d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
27e97823441e60db4531b3c411210809

SHA1
10e6ee81b086506f26a76f37bc1e1b48a624ea22

SHA256
91ed272fb513c55f295975ee902d27e2121f8239daf67db4a65591c8eb499160

SHA512
a2f3daa74f85da35150cdd620447601aa5b79e365781b9e48c4882ec4a1ee84d807c4af4774459c2ddecc445d51711d635d3d72f15f7ec431cacf083382f3b99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e5c456bc5e36eec838254a0f525d79e

SHA1
f01752e6cae8e2ed8bd62dcd65af6cf15684f196

SHA256
747183708df8d0e9d6c535d91cf002076e8a323cc9a5c0951e288ac59f633e90

SHA512
8666c11147c5234ce22231076cce8506ff9d37f4b83abf541001a25e408c8ec5cb7f16afe10df78fb7ac3a0db5c5a86147912385139274b0f1aab7e935643f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2d5e61244784e36e1bfdf05ee93d0634

SHA1
6ca5e2803110d8d7823108cf508b494eeb526a93

SHA256
0d84027aeb164aa6a11da35e0b4ffc9719f7e32b6b1d75236f962afe707fa95d

SHA512
1a2971a8a3ce60de40eca37f2101fe6cf1bce80543218d56a5e37ad5e835c21de6a1eb850005991918f5ea1a200ac706e7012472c5bf991c885a7861b8815806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebff3c97ac047b8cef62af8510845f95

SHA1
84050633facfc12d0bab1b24f29cfaaed01324a8

SHA256
42b23768188a331ce33613555a445db66fca31cd2a5536ad511fe6fd8f3eabd5

SHA512
93b9ab68d3ff6a47892875b658fd21efa0a4b120669e6c8fef2bc312804c2e57e8066ae51a4be7716eada3062292bd03ad17e239a167c0fa40863676549a51f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
97bac421f25e1681674025ec5ce70c7b

SHA1
a4fea25cd0385515819e3dd8bda5dfc07ad8c2da

SHA256
ad4ef6f2365b0e9c849b50efcebd79e4071097bc7aca408b53ff724b4aba9a40

SHA512
f0d14e8102366854b91a675dd07aa74e0c690603e3e7d38d4166ab1ad6cfc39e3429e13b1e5ec6f0761ec07ec8aa591afb15cb4221812488d4a5a1499a567e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb670b147dd2436d1d1d3d2ebbb4e277

SHA1
cab8cbd08a457c75ff19daf8bb36a2606f0b15a3

SHA256
99ba5b22060f929d3744c7c8e6234c9e46c3f8cd028203556f8387026df6d8e8

SHA512
c7a49ceb3b8290b0453b6139df9a7acf616e6d4c2dc9737fcb70cc737e51c63b2c997fd17bc64c17ae5eec61e9e29031992021517799f43e7ade3b87ff1a2e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f8bd2831c8f52e0c9da49720d8e5750

SHA1
9dc63e85240933e01e0a35b3dd9dad33c1206543

SHA256
ee8a84e694b9b5f331da9e6de6b634b05a7f23a8130aedc39caee16f306b1b10

SHA512
537adccde6ca225778a59127ea99864a1be104af295582a7e9b2509a1e9ed399f96eeaf23e62ea53a80c27eaabc1085f1af2611cd9b5bc3a72b5e4f0d57b3aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
ac1408fffce777dfee9ab4126f82d5f5

SHA1
caee68b753ed67532d0f49d971a5a3887c625949

SHA256
c0c6ba9a5f1ed7e885b56a379e4f9abd4698ab1959921fe52e78a4da6b3ea5c9

SHA512
552f4180f6bcbb893f10a1731b8e200042e8fa845cb748e3cb91875bac9971568f6b9546604ab4202c401ff62900ab6bcbe3e5bdb1937fcbabd09f53ca00fec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
0e6d6fb8841a4cc3d7bc3260eed54278

SHA1
bce768eb33b7c5b6052505e1edbaaa47f72f9309

SHA256
0b7f183befd31c1c1743267f3197e373b1e9dd6b50acabeff1f74a5f0671e0a4

SHA512
52155947cf73d03ee1ef917066d339a921dae61234b98cc6809791d1f43b99d745422e280b51799e3add2fd4d9dcf9530adef4e0823d3b9820a259bd63639e27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
86006f1cc80fde005e83059fb39a4180

SHA1
82614799215a18dccbda076d167d0e627247ae84

SHA256
ed0ea0cd9fbc68f5dfa377813b9db98daa9495b181eed6b218962ea49ea75671

SHA512
73e9949e3c33473cab183f9c91b95bdaf4108f1480dae3b19f2ddc8acaf68d901417e32994335cd0aa2883d5503fd599883482be4117d7d8e76a8ae0ebdd05c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
31a7a9e21a9b44a0816ef71968f40587

SHA1
82d24547ace3d6e36558318b5ccb2113afbca941

SHA256
13c89a4ce57c0fdde24d6c673f134b49c37d77242666573866aebbe3c2f0d0d8

SHA512
6a014abb8f448f25a862c69dcb24d4f0289fbc368747f104ec0d621e5761c8c5b7620e5a1f177be941b5ccb0097d1182dacc367502718182be86f777fd01a01c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\14392420-bf83-4757-813d-e5081f6c1cb0.tmp

Filesize
5KB

MD5
d116fce1d2560caef9d07c9a3c9da1ca

SHA1
75f12b198870a22a77f519eed0ee930c2ccf5e64

SHA256
8e8698db5d07270864555421613995ed0479b9b6d9f52664037f196e96b819be

SHA512
1c8653f330b8713fa104a47d8e19e8c90776ddbf1b064b160998ff92de76b071c15bd6f2623699f6ff20739af0f8574d1270a4199a526972253a4528bd5d8ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
68KB

MD5
d4db8e09c45049ff25b0c75170df6102

SHA1
6d1f07d1556a132a4a794e29df8455cc271f05a3

SHA256
381473cd4e59e55dbacd388d552dcf27ebb82e7c8ddf315262a558fb25b3f742

SHA512
f78a68b51982e6f2cf25b12b3e24195a003f9c2d8ea84f7b5ab0ed3a70a5f2c7ed97932bcf5b30be57db7f6133c9b8f1744f801ee2bf4351b6fba5527cc1b51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
24KB

MD5
6f079fdf0a660fbbb892c54af5619130

SHA1
fc759157fcac210e27e95dcafe43f17320fc4a2d

SHA256
3fac2a0b7f6c43848273cbd8ebae5eea8d1e207347e927bea627c93e9008b809

SHA512
b60768cbd70d1fe8be05edd6e1c5d42befae1968d3735ec90895ca520edf7ba2f7f3c00e589d75f7700c68f3168c120fcc8ad952f36fad2b18defdaf9c2b477c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
86KB

MD5
5a4481e418ff3a17185ce4d5ee0c7368

SHA1
2137fbd5b7c6a650900665f44863d4d8921fdf14

SHA256
b0c3cf6377bd596475c9bb1323e39b46b326ae6c3a363aef3ac12a6c7243305e

SHA512
452bba1d546ec0e698fc067c2df634381e65dfa14bc1f6a3831c258649d24717859bf778a552e49bf537a19c4b9161892a701d3bd8fdaaa9a4be255934fbc906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
23KB

MD5
3abb16405f081d9bd0e4e9bd8982ccfe

SHA1
b89ffbdc9f1f5c1916444bc730a30aec0714bb5c

SHA256
896c96bffaa50fee414fa8d3a5e039538de1b888e6209d211f1f4bc09a7f2eb1

SHA512
4e9a039f3e7be7763b5a0dfb73a024b1472fabebc20f7b5b9437b360ea851ba85f657e8054577913cab9d15e13c455f3cedacd5739c4403d8d411f3f2686bde2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
42KB

MD5
c3fa9b435bf1b67bbba1aca6336e6f00

SHA1
59f9595d1172cc4e6f6ec8d478589e89d06876f1

SHA256
a02bd965b1a9b79d7efa4812f85309e64469c724bf023a4398dc263bf1779809

SHA512
eeb0b10451d75b601cb736f1a5bdc69ab9f8fdff1129ec100ab48f412d262d20065a478b979716c08975f5c00fd0ae3aee8b323eeb1197dd9fc4beb6c37f2c8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
78KB

MD5
b8811f58b78e4d5cd4494f34ad8a7768

SHA1
a2c1d9dc0b9b2e5999892d4fa051d92609689da0

SHA256
761b6c1c0ebc3f2db46cf66e91c014ed0954c0a73fc6d6488fec00a9e3706aca

SHA512
992a0747ed0d720ffeeb4fce35c4cb6f14c2fd89f154b68ec7870c210c3a8acec324f98535fa13a8b2f6c8b0535ea55cbc7febfd5bb5f34ff086c0f0cdc7f6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
23KB

MD5
e1b3b5908c9cf23dfb2b9c52b9a023ab

SHA1
fcd4136085f2a03481d9958cc6793a5ed98e714c

SHA256
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

SHA512
b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
52KB

MD5
21d3dd7cc5a847c6c16bfd27c43f80d9

SHA1
4e30a55c8544a5ca0d8421aa6184dfa0651f47a8

SHA256
f6805298a30364fcb3025103e1659e7e751051023579a31474edcc17578aaba7

SHA512
f598f8af0776c9bb9ef1109cd9294f90d39a26e53d8091a9a9120f6b82636efb761eb9198ce42297cca113470150f36a6703af0f814cac6f2c9149d50accfafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
52KB

MD5
17383b2e105c6844823981af152f29f0

SHA1
266bb432b0b16435d4ccdc0c2889729376721907

SHA256
0df1a584a28678e8ea6a94450957fc90deb59a8a74db5594730c99496a05db42

SHA512
bdbbc6fa7c0ffe81b35abe3372f7269cd19c894999449976fdce4b726191bee27e9cdc014f4a9c26f6e660f77176e829934b3f911d6dea38ca60fe2ace2aaf2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
127KB

MD5
cc1e5eda776be5f0ff614285c31d4892

SHA1
020c3c6f9280a315e8425d7f92e15bcd0cdda1b2

SHA256
476adf42b40325098fcfa8b36ab3e769186bb4f6ce6a249753e2e1a9c22bf99e

SHA512
8ea88eb326ce57117a24f88abf9ef1740ff55a1cf6d09d8bc1e798132d44bf237aecff44253ef60c9eb3fce108cf4f7d8ea27e6a763a9338c7d6204247b2cc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
128KB

MD5
ec8b8d7f891f5b3be5f7ce43b4e1783a

SHA1
bc4bf587842fb5927ac1f597b9b2741a35be1af8

SHA256
d8261523dd6be2031d71c6612921378cdf818cd876baf88fa8733b2c444317e4

SHA512
8f2664b501e85e295a337cd496f69a8e892f5c691ad3eecffccd1d1a8e7ef2231ebd5e10bea959163fb489a3c5767d99cacb98616f55eb10d09ed9c7b49d570c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
22KB

MD5
de69cf9e514df447d1b0bb16f49d2457

SHA1
2ac78601179c3a63ba3f3f3081556b12ddcaf655

SHA256
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

SHA512
4aebb7e54d88827d4a02808f04901c0d09b756c518202b056a6c0f664948f5585221d16967f546e064187c6545acef15d59b68d0a7a59897bd899d3e9dda37b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
22KB

MD5
716309aab2bca045f9627f63ad79d0bf

SHA1
38804233a29aaf975d557fe14e762c627bef76e0

SHA256
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

SHA512
adb0bc6cb9b230eda5dac7396a94a9a4dba9c8ba0b2eb73f5f21a20c3ca3d14651420bc6a17e67a71b5bba624f5a4e92d55cbbb898985dcca838184f6dfb2b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
88KB

MD5
e07b538aa51b6fa77f32828af21cb591

SHA1
4649877868a0068ce50b105d0d2a235e8010c98f

SHA256
76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8

SHA512
e2ec08562aaee660d0ae1471e9d5659bc03b5b4f60c7d2c4a9c5a546b4ae151ed16cef58c2c798dce5d35628357b010d345ea2a3bf13bdee88adba954f6d1f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
31KB

MD5
f37279a6309c57c5ed7b7d6dad0722b7

SHA1
bfcffcbddc9c75bd34f5ef05cdc01418ebd1a6d3

SHA256
9c191d54cae15bef9596a9185f40bb61313c8d395599aa3f058d8eab03588b99

SHA512
b104fa3691285d90a8f5e8b367a6580bd94243ddcf946585942dc5dec500dcdc791c4d2135b4178a825e00fae50ed91e9564cfb6080c3f0e3f1863304e000b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
32KB

MD5
7249dabeec27191247d4d535e9584837

SHA1
4edae454a3d247f3c53737f989a39193b98c032d

SHA256
036a9617608dad9290cc1a2994207f4db52e5c06a44943b0de60113a24df8c51

SHA512
3edba4eb8fa3a17a696c149853f20a51a1548a2e93e83792633b54ea5d7fb42ec811fc25eae369631c9ea05639d76c3c43e5df12c6f9f97e17a79cf9de5fed98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
84KB

MD5
f67c04f1296cb0c4af49993b5cd90d29

SHA1
7e68ef6fc2f1b1be04b1f95dc3146fbe99b4063d

SHA256
fc240de55530976f13ee1c32f2235e710a1f0103574cb324beb8c6797dc1fb55

SHA512
88c8bd853608effbd4208a2166633878b8cf726c4e77cb4ffec867357a22591ffc63218c0e42c75dd9f228764b6bd0b832fd7b43a445a1991d601994c14d3b13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
144KB

MD5
c3f456ac5823f459e25241695ccbe356

SHA1
56dd55ea2abe1d9295a210ce5b2e6c6ba4b6589e

SHA256
e4930986ed947456d5861c405dd62b1d9c750fe0286488b4215aa2474cb2b637

SHA512
0f5316eb7782512b6c84e632193bc94334bbd8f49c943ee46e4feaa742872c2948892dc510257de6e52def105621720857a2344b4dcaa786602048ae14ee54c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
42KB

MD5
0c74385e7737386aa46ae9cf3aa09966

SHA1
a5703db8b6ad7256d932cd528a55e9c3d23cc85d

SHA256
7dc1e70e67a65dc2032e0fdf7ef3edb35c5cb1efee4ef548501ea9fd953601c9

SHA512
3f7f85d4b52a285b85928683e3c36ffcc75e6c0ee6d7801f7afb2069eae6ea555378fbfa43e09bb46a192ca6a8d40d06389a453e94de2da7a290885065182caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
124KB

MD5
68cf786a8274995dce4ecfc39adb4702

SHA1
bac0fae6417933c9f6e368fe9a2ccfbfd1aa56ba

SHA256
e0a304c724cdf50b6e243ae5e3b1a25fdc16bbaa41c61a9e870c7049ca56d2e9

SHA512
c1382864a79b86b86c9014f1f0f33a9e0732b73f263e4fd432460771e659e5bd1c3cb9e6f321a5b5e492b0d0678e08eb9a755c4cab032a48117c190558c03ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
28KB

MD5
3e9ab1f302758b786abfcd69e455c21c

SHA1
f9ffcfc03e3e34c03a51870d114c04a9737a6ab7

SHA256
42b98ae8ec3182071277ad7c62f95fe9bc289c46eb9d271f9796891a28ab3473

SHA512
84b053665ec2b2b4c9b0ec8c6b3250c581403ecd62bb5d3d2c90e0e5f6fcabc8a1db4abd5c10cf4c30ea72d2e4efb8690603c402df9635eb498218ef976f2e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
44KB

MD5
63568e577a20943b44cd4b9908c2647e

SHA1
720586b84cd3ed98c6c5498b87e655b59474f44f

SHA256
35c83de988e2eda0fab003c71947ba3e9ca6677008bfd33902ee073ee33b9206

SHA512
ce9cfc2d0f8b37616fa5ee0a6f230f2380e73e6bde4982ceb63b0571f64e19cf118dca1b3aac7a4e7ff6f420d216552fefc95144790605c9708e466baf15832f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
20KB

MD5
1e517370dab856f71cc8ab9ed6efc03e

SHA1
41f8518a44bdc2beb7e8ea3efafa75e79b795ed7

SHA256
2276d0d7601175db761384b244100741538e9e59272e7bcfd3949fab5ec4f324

SHA512
7f757cc003f948631aa1c9b1fd33e0c3a7dcafcaa83d1097f69e7113cf108e227e2b37818f432994451f5a50c4866cc072b57578bfc4f6981c7d48244172cd4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
20KB

MD5
c11a5003095f849c5677794a297eb893

SHA1
4a1d3a36a4a0d29f33ffe994305d24e6cc9c8f8d

SHA256
b3d4cd5cef9e5960fc94f12af5d8ed87d1a2ebb72631ccdd254347704b2ae9e4

SHA512
150033caffed3de52276df602a1f9d511c404548dba691b41454ca151704a0b766501c3c7b1e55a2d35210b6e3c11ede623559813646df9a79d8fb4dbc7368de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
62KB

MD5
35fe37e08d59a3191e5937bbf348e528

SHA1
64555d7ba585935ad7031b1dcd85e32d665c5e19

SHA256
e0050b274222e7bbe0d963be219a27e4a47fddcf1a72da32f744a04eccf91615

SHA512
ef3b2acc746dc86ce4e9d075c133e0b65277c14c6347526e25ad5ede7a0f9403478a5fc6a2a19babea02012b5770de1b7484e68c1dec64502d362f8197289f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
31KB

MD5
00bd4556d9672009a7cce0eb5605fd1d

SHA1
e6aa062aa34cd745dbaa2b0fb851511a5ea734dc

SHA256
11e4340eefdc92053fa38149176a0c17f55472b8fd3897426a76050aedcb8621

SHA512
34f87481e0cfbab27750b392d885092bcd6e11796745b5ef7f39e9564b8d29d169cf8d72795e45745c366c18057d02120726951d2729c699bc60e6518499536e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
52KB

MD5
898586b1b925120385d3c85d24ad0e2f

SHA1
3bfed249e5b347b84b563bc86a50ef0c0656fcef

SHA256
5570b4a71d1f44d1cb648df7674470c4864b0cd8a677294f3a1884f173d25d37

SHA512
fdc369049a12cfa1fb7658cc19d579638622c6c5661f6289e215a8c602dbe51c7881bc616961b486d0dbac48342db85fcb059ff48c87d015549d9d1bc43807ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
61KB

MD5
00e966e18338cd3458ecd37954dc7e86

SHA1
207c2b869dd84bea7cd41ea73b54b946672a2e90

SHA256
1e70a18201ce667a0e30ce394d4a35a2204da29d16014b942994f8d069397e51

SHA512
4f0acfd356074047dde85b093db3b7a15252e32b95a39aa55e88240104d182da2514ebc25d049da309fc1fb97206c17ea67c927e4d69333e46991fee062e5094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
1.8MB

MD5
0232cba877c87e53169dd303b1008ddd

SHA1
fd7399ec849b8f0029a62f17d3ca71eecdb4a4bb

SHA256
b935bfa261cc0e6901749899e2ddc5ae32d246a27e48912579dcb6307fa509d9

SHA512
cd8338ec5527c98b3f198ff09ccdb57cbe629bba1e9519536432a89eef8d078331e3c4c77a7759c8a7890a6e768c2af5389031f09785942acb214fd964353eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
20KB

MD5
60dc4c8d075c2f821712c1d627bed9f8

SHA1
e9a5b07e40ff832ca6ea5647f2ce0c673216b5ed

SHA256
ccac68fb2041f85eed7ed7c6bbcd88de575a5fff4d9e1951c85224582f857fd3

SHA512
5f8f1cabdd1c2c42d868bd4e7c8e762c5c8a86034716926f21ecbec0b4a0aa4e6c87eac90febf256eeeb6009a699caa2e252c64ed8c385ef212fc29b28ce9b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
36KB

MD5
9a56f4eb7af045f304951ceac625d949

SHA1
669b2ef84c7cdd419c9dc893899f429fead33109

SHA256
0b81403335bc3a5ad450bac7ab9c397da343fb3d41aec9cabbce5bef4e03727b

SHA512
91666500a50f49fbae49bef7b531ad9bb816db1ccb877f36313f4db5621c871f83488f24390524868d2160b865e4ca13d170568e9b2c410151b6d7a7d66d42d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
89KB

MD5
33152007c4b0169df6ee0520f995dc4b

SHA1
20931f7743982abf5b23b5d1a1c1fd74252d73b9

SHA256
503542c8a6a8fbd2167b772795f8f0404b0382d2cb83018e20947ebe30d03f81

SHA512
6c01959c1d2043bc8232b063cac43c4ccd272cd8f4f9c6edbea556cb92b91cccb04d0247c5688c5d649aa4f6a2dbccc95e449fcda8381403bfdaa215a8a0aa2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
17KB

MD5
18a9531f05f4a3662558d102349767b1

SHA1
328114b78180b5931d651669bf0b21d3a5cf8adc

SHA256
2d427df292899c50caad69f5c59737ff07f39544e52ff6b9d01f4fb82ec0d716

SHA512
b52d9f81a88694bbb16551a50fefd69a3f3dcd0ce5d3d3f3e3a2c1d7de969b5f6e27ca9fd22f7e964108f9b39eb083a44ef161ee3b8c39f61fa5939a15d21b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
38KB

MD5
53214f37c15ce68a217e2915c835b235

SHA1
912add71f2d55aef34ceed48859cac16207759e3

SHA256
5b50f1bacf12105016c72bb57bdb3a468b274fc21d4485d1922a14e2e127f803

SHA512
7289364baa2d22ebe8754a3b0c0ee75e707d88cb925a7a2e871644899bff3a91afff924eb5f3bb1afac7ec6d5fc571dcefc20c5bbf049a1bdc1e0a8515f6fad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
20KB

MD5
e42ba21fc6ad46eef7210e6a17cbcf29

SHA1
65df7e97d6ec546a85a16beea1a8533788969fc6

SHA256
f41a6b281e24eebdca7fdd637658685e2c4159b9da7c1017e5b9bfafa6821d8b

SHA512
e9b1896224703b80e26411b65a418878d77713a023a8bfb49707f7569359246d9ce1e2307613a1ecae7bd64a78266916d4586aba1b30fda2ecffe05322427ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
37KB

MD5
fc8b9283e9c3686899120581f73dbf88

SHA1
5d2c3af2bf4a2054daf15098d95992c9aac1bf17

SHA256
27d6e4815025d7fe830001e206a4dfee19b496f302332f195ece6295f5d1f216

SHA512
9dff216af5570c81213c24076f9afdb150b52df46d0143e199d12cc1d05d7e8b21e096b129d5d722ab0b51996a41cd70f0b2f06a65f9cd127c5700fc6ce49319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
24KB

MD5
2b05d16ebf1d8b7f623a8882a0affc41

SHA1
c3da478774b7e3235a3d756554f5a224a21e3178

SHA256
a4d398b970bbc4ac8ae7de39149c0a0d3421ba387b190029c0487fa48bfd99fa

SHA512
5fb9b3fa825ced9120359e2ea4c5ea558bed63bd053b5f1ab51aba85a4f3d1c6e087efeb59abe291d8eb683dc6f0274a66c102393538b9b820f4de822db8a23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
18KB

MD5
8cf4df82cccabc1c6590ed3d1a871f9a

SHA1
0c6e60df121acf74b5b61eb3eb25233c842ab315

SHA256
17592034935d1a5216d9d24bb190ea8f72473bb4012a8458ab728840a3e60bd2

SHA512
65a60ad5a593eed506d8dabde41ca5c17a920d1b034ea971a70a2f4d614f5b15bbebbee9ec0c7047ef13a3138d4f18ecedb7e9b05cd5a0cc151226bac9ec3997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
58KB

MD5
4b76402426037caf152947f8287ff127

SHA1
6754eb9e9bd622d152b1ab958cb6465d5bdd90f6

SHA256
ef4949139d10ea9b20d7ea642fd8947a758273bbf58501257f1201955e634187

SHA512
fde567a4c12e45e1f232961e9cf9a0b93a8ab7d450920a4e1161831936264d97f2734b1e2f0bf6fe5e8281723a9a368f6fcf298371530c42e0ffa721e795621d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
105KB

MD5
114576a1f647a52599ba174051ed9e86

SHA1
58b8797fd4957ea46177bfa105a96b9dbc0bb4ca

SHA256
1edbfceaef1112fd9a466f3f67b3285dc45c4be70a391e704d239f7df1d92bba

SHA512
36af0de0d75d1ef728b2f2a8d4262b31eca09f1cb94e58ee4b78fef7eaf54e770639acdafcd2586b56781a476e70acf7f99925f1315aec22d0140b062559e12b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
38KB

MD5
1302955056b97440dffa83a9cf962b52

SHA1
1cc8e6c313ab4d36125f479f99ddb3ea7bc365b3

SHA256
5e8e8b9555162136e09b61bcfc366c455ccc81c9134433b40ffd40980e24c9f7

SHA512
4c7322108d0cc6fdddf36eb349356a98dd4ded1008f74500f0eb774708735d2c7bb540d5ade64c7c191fb45d0af0a66120186e66194f136333327a99ee23e363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

Filesize
19KB

MD5
b64471154ff618b63c14c46598fd8a34

SHA1
0a235de5caf2fd124202e1142c90c7ad0ebb4daa

SHA256
bca188e18b2b82cf10e445212fbcacddcfd3acb9217123a5e7a1592553bcf426

SHA512
ced21476354e73e74e65f2f972dde7a28d0d7a60163d802a629436d7a7acc7756d3a4da9574d42101297de4342745ba97c39ec8f643e1c90a504d6155572ed07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
16KB

MD5
6bd297ca3e7194e80a3b03d545a2033d

SHA1
6720368ae50640eedbdb4b4d3e1311a3d696bfaa

SHA256
e59224be8c0105da450467d1986adc9c315ffe34282c4b6def19ad9cf413db8c

SHA512
885a70a2634d882188241c5c725255bd2611973c3a6999220d1215ed90452bd418250e9f18e81722277777c66ebc2f693c37a988b6a2f7623295b34356b3cdce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
62KB

MD5
5edbb52e5511558aa8d4b0a7950bc430

SHA1
03a92ceeaf97436869488efb1737ba94ab85143a

SHA256
a2563a812305172aa1e3ce8379e769ced5b57dda9d5afced6b954da60749eef6

SHA512
7978b50b91c41a1fe9c8c470d6a311ae0d016c0c1d174af239f8a4763b29477b36452d2046e1f2ace52f81e62cc5a0ab347bd4fd9e5bfcc11020f0d9b5cdddfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
18KB

MD5
539011b799990d9851f6350858332e47

SHA1
b77fb9f82341e8c8cb65f65bd9273942556af38c

SHA256
321eacf2b78212cb20ae3ebb27d35cc9b2c7ba8a9fa65ad8b7c292f826bf8099

SHA512
499df1c11b0985636e0dca3057024033f23159de94bbc87d484189f50cb2fdd12ec3a5f03b4e7ca314f853d77b8e6fd21d0f83db579a1ae9674e1a038b15fa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
144KB

MD5
9e1fed571cf119becf38368bf1dd33e6

SHA1
cc505ab810c225a37df030004ac2cf31ddca422a

SHA256
f65c783353c7e0a83aef1f2871c7097b78919f5fa9d4d593ef2b3b5bfd99d667

SHA512
be493a6523a42a65aad0ccc34ec6617162125883c2f2dc61649f25fd11d99d8c91319b575e04881b31c6074d1cc09b3877a34ee74b4f81327bd704c277616774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

Filesize
6KB

MD5
d91068245a7591bdf8d2e2c5734d6ccd

SHA1
f5d4cab26b425a9eb855f5fc4dab18f86630366d

SHA256
e4d2361a6c5f1465c4f1ad5c7b6476202fbb1e2dc7bced19a654d3a846d7f48a

SHA512
0cf6399dfd5d714581b45790db0d32e7c1beec420ee3a8b21e4944e1f5902ece90f9a34e0870e28e086a94d0d367f97616612f362ff9e7fdaee382d3321acfd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06cdbb7047afc473_0

Filesize
262B

MD5
1548dcc08246b8beb279e6572a15bb74

SHA1
8bedfe72d2ab19adda4e467d3d6fbdd2f0d63660

SHA256
ceba4347f3ea54e2b16474bb98c846d7150540df8f462e61dd0bf0a24eb4be0b

SHA512
250f5fd43c543ce7874cc77d299cceb64b3573a370a69b909a1a043c52edb273aa8d462ac456fd2fbf554b2d066a32b2bc7e53b55caf05b6254034a19402483d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
3KB

MD5
d29af29951bd48d6e768679af8d5a001

SHA1
4b99dfeb8c3bf7b0ff831230691d568e195ca185

SHA256
81b8ef44f1f449a5120e5bfe4204eee51ebd06268e4bd46e721f4f137e82d98a

SHA512
585245253f8366b2dfdad5ced0b427b6a810f97c91bcc96a93791f846a6aa8568d98363f2cde64b21923c83061832a07c9ba368e9571e927f8b96bec1afce52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
61e5dfa608b043a528bf0791f1575123

SHA1
5fea329ae0c9fc0e3adc4fef07b346889de1cee9

SHA256
fd8cbbb944143175629c03756f37f03559b77b3ddc21807943f74fa254199b8a

SHA512
248d8b06cb77179bd3326e29228cd0d7f0bec3af53c948706b37fdc61fb98f6bbf580c9738245104f3237d087afbdd9fb9dafadd58ab9fe24ff6dbf19a7c75a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f3697e6aa4e068d_0

Filesize
200KB

MD5
e518c2d5d0ddcf54a7624d657ba9189a

SHA1
b5b5e6ab2c62d2503f3d8af6b401c8056ac99a16

SHA256
2ddc419eb028c3a8410a10593cb4c27332639f56fe592471fb78db6c03851204

SHA512
071742d3fc8c333f811c1532d5b4002b924fb80e7cb924577365c54482e756b62b6db401296b0a0838dd74638e3475ca25e3b7b3827a8e2a6f0f77d02f896b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\11a64618819c91fe_0

Filesize
24KB

MD5
54b89d7d2e57b4fce1b6672c80599f79

SHA1
68ebb95a3aecb3d569b550413fe4829b94f19162

SHA256
2b1340ebeac23c0fa0df9611c84515f37c4aa2d4bd953135aec7c04ff91e353e

SHA512
b38eded5e3d837bf3a88a92c7b2a2e0200799b13b3f67dc54a1374d55a2b2e9d89a608826278c3380b991e985e26ef5c27505d6256073a8634597c6ab02df63b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13c713c841ac023f_0

Filesize
291KB

MD5
970c1e1c526b59b255728f26852f57fc

SHA1
7bfc4d03402262aa3c433bc4660937d8e256076d

SHA256
db946e066de256c7cf9e7f3d019fbd1670c9019302ad52122a2f620c516f2127

SHA512
4fda99be34cae8b9a7ffbc47b4a6c1fe516ebb8972c6e594bf6be21b9bbd8c3463a6651b5a7c6588bcc6302af2b5e5b528fb0c0a864db33b8f6367dfb9b17292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242d87fe25e8b258_0

Filesize
2KB

MD5
71ebbc851cb11887acd06088c4d76e04

SHA1
911255f266578ff4cd0226f43b79c442e0605ec7

SHA256
9ca85ce5043fd79ed247ef16010983771524595395117915723c8a51a90ed666

SHA512
5c35d33f7f278b53e6a74a2b081cbdb0a3627f03f5f6935723f47e8ed21e8ec2c457a3b5022ef83413756ddab69e2cb61120dd2b832910d075ccdd9e70ffcb0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
bc38306948c739b59858e5a278ae9713

SHA1
dc78125e7db5f85c397a6c5c0220ed224d84ec35

SHA256
8fb6fac90c00b19cc87338a580726a128e775a13680d6558954e673ba9de4b94

SHA512
0ef350acf81f570299a64eb85d16d85a6d5e7b978d8bccde671f0613910c2bb43bb823f1bcfd4dca992b521181a4f15026000ee904a93bbefa545a0c566cdafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
f0e4604057cce605d9fe0461e72651ea

SHA1
d69d66516d2b464b1ef67ecafb726edd10441983

SHA256
eee130bc71c646a8147687f8623be6ef57aac11cb8263dd05c78457e0f3bee8a

SHA512
e2192fcedcc40b7a3df82ac2aed05465e05db71c4c68731e8a28dcf3a30d2fdf896a919c06ed0786d62f9576404bd6b10dacc59b7f7c990dff0b7fb9c8f5ce32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3284b391b70aa047_0

Filesize
74KB

MD5
63678a019cfae803bbc6873905f7af2c

SHA1
39f92ce65470f76fff8d195da544e82cbc3d2e94

SHA256
f1304fde015929aa706da8e001241deaba30bb4f2a269d96ed8aa07e00c15a5f

SHA512
4e1e58be207be6a5f620d634cd92f8b9dcc93873dcf97cc988a8f95e61a824536a913e556c0ef4968b674a442eea673361499a6611237d97587b987e51922c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
d75618721f4abc101a4b3e60c7e2e8da

SHA1
436cbdf2f80d12adff709e0f5cf3df2d12985d77

SHA256
cf02064b8737a592709bfcbb65be9680fa0facab5af765dd3697eaefc064d49e

SHA512
bc458ea07d37303fb58cb43d7327beca8dd290f065a6a40e6fb0919aca558d43dea5174db9bb2b436d18ba5bc0f43affe6c9506cc04825ea7dc46d911aef14c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
6b0cc9876ebf72af9b2cb0f16c8ce3b1

SHA1
d3f4e09fa646b0614cee237fc39594b617570f15

SHA256
a9d8d6a56d845b438412e74eb56890c14a40f4c27d4c050c64a303ca5eab5c16

SHA512
e64749197094f72cfad0138c7821a25d0e527d1172ade9b1565d6e0ea4f7f5a19953b4892306ee4e6e21eee3e52b976c0954fe039347c7672705154685ba7c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
209d46ac1686054751b9212700999523

SHA1
5de29dc794d1da602abc6aab165e82f998681a5e

SHA256
86bec8ef523325783131cad2a588ab884c1a626b4ea27f174cb2e44508292f4a

SHA512
0d6bcf6ff07341099e5c14cd88b5a147ff4d628970e5eed99445eec2c97aaffc17a65a7ca6e68321fff21bb2f29e62292d810900a992e62086eb7d28a46a7fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
67557de3ce3be6d88f7bc8731acb7748

SHA1
71d7fcdc4ecd7f97896958e1135636ba7d17ac50

SHA256
219b31feec29a0b3a4535a7383fad40beb9fdb653ec00da671635e67cf9eab4d

SHA512
d5c7ce17e4b60b8cf6c7ae96656aa7164f9077fbb2d9510d95c001859ed796cb5caef8d2eb2b91d9216d707d0eae7766be173081718102cc5dc39c6e0dcf6142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
2d1c766ad21efc8ed86280c8ca3bc491

SHA1
0ba75d5a3cebfed2a1fe3385ccf52cea7c4dd717

SHA256
6a472b92914af174b1d43be5a6eadd75113a65b73dc59103f44b4c95b8b16df7

SHA512
30d9efe3935e64e26dc87eca615cab727b4815d89c03689d6cc746b4d78b9cbc689d3f487bdabf4139745410a03d8a5c9d3333ed25df644f506bb422630a9d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
b1fd634d33f92b3159a1c697a2d61a8e

SHA1
ee4ca702bfef38a0725c46857b3fdd254662f2b2

SHA256
4dcc3879e39abe48bcd23c35d4e6c6cf2499c918b40815fe6b8df055c137cdeb

SHA512
4b63e65dcb21c9d0ea032f77bf58d98c3b70e9be18238e8ee5f192140fa1a5358b82c628550ea6315a7c3bfcbc8aaf9a773949c8f62876f45b44695652c37e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
cada59796236b11951a8f8a62fe60abc

SHA1
55ac9052628ea9ba22955e5b8dd43574a5cb786e

SHA256
b6cf2efc4ceec0c1bba022ce0955df0b2efc7179a806948cc6c3dcac19ad6391

SHA512
88e14cf832a577bb471baf2251e3ca55799ad34a5bd10f17ec5254891b07c803b86c3c5eb2c411375926173401b0478c6741b83f6d5ef41b17d251b8e677b5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
35d82e391d09daecb298e022e480da87

SHA1
0be80c51e98c607ba1ddd12e8d116d005d94763a

SHA256
300f4d67caa7e4de895b432377185a81e3e0079f2b51674c06727a6a9035f904

SHA512
ddae6806db0cc56be4beab878a1677cecd857f4b8150dbf8c68dd130a0f9968fd0ae6bdc086d1f0f4b25a6ccbf319b4cb61fb7402e2b19c2332f13868a3e3463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c9136e56322b7a6_0

Filesize
175KB

MD5
0f1c88316e15e3488664cf842defae63

SHA1
dd297a90c9ae45e6f50e3228b44eac10a5b36df5

SHA256
8fd3df9b88e98aea4a80ebdb5e8c6ab63068c1954cc9a6639bfecaa0e4cde4c7

SHA512
65069976f481de74c05d03edea480d6273af344910acce3f728012146290aa0bd0f56eed91179310ef779ff3ec86fd516608c75571e52e85741ae3ec84d4286d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
26c33359d1544a60644942b2eae03d03

SHA1
d798ff4a9ca7a6d1d5055af577fffba81d6078b8

SHA256
735576fa451b6e31311d7edbb529cbfcc85afb6e262e7d19fa879315afa76711

SHA512
7fc043c6490237936c5aac05e5628f6dd07bd80d77e275d7903677480e055bd91569e0995dcd5658f8b95ec38b34a5098dedefd696584674d187502290b088ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f1d94d5862e00f1_0

Filesize
11KB

MD5
b7e23f10c23ff5611b88507d45c1d437

SHA1
d0c634de9641d3ec2d6864f35ab2e4d5558f9954

SHA256
fee1c7737157a0ee17dfaf12cad6adb2e19adaf50da8d3c4a27722185208dfce

SHA512
f40c0d371cdd5cb5ff6dbd2cef1156ae1b029093fe01355cd8575e61c580b66f71636f287ea1f3fb8674dd6a2df7b0ecf8ac81494f575a2054af58b89ba87afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
213a3695dc309e072bc8e2329b64be56

SHA1
3a74973e220376748d8eb759ab010f23040fc4d8

SHA256
60e0d240b31be7d4d35568f5667fc7338670a22a152a70ad61cc444899858088

SHA512
d7fe1c719189ca8c7436ec16c86474f3da7654ce1c9c895ca5112064aec6558520e5ff06aecfb319fd31506afbb65b0e263165a837c61f1bdba726a22ddee70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
cd3dcbfc2983b6babbca8e8ddd6f0b07

SHA1
af3354326b4d5804ebf426af0da168bf6723db2d

SHA256
861795cb26652adf0afb60b19e3f00a27b477b0e0e5c3a6478bdcab174a7cd9c

SHA512
fbed1d5c80eda0b9fcb0dff8bdf17eb18d785732a3f23d13b5325d354055989ed4ff6ea289252f7d8d5625ce0f6aae72898a760b1741b373c2c25e4b94ec0186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
fb2cc21ffcb059fd48ef3c5121aafcd0

SHA1
08cc7cdec160352fbb5e197c158139e60908fd40

SHA256
12acd9880f01605405cd82e894513346e6ab35e3f6cf5012dea8038d398b3bde

SHA512
da2c08771d44c545ecee58073d39fd4ee35e11049b2a4cc57263b34cdb75fc9c128401b795106ff997c47629c145a4856797f4a93773595256efe95b4cdd0eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

Filesize
2KB

MD5
63fe85bc739bd921950c7da68e86f09c

SHA1
f10e25fd10d08562f8c9f985e630dcfb1a644bb7

SHA256
c21cc1bf5f289d7142aaf6573fff07947d96c4e1ce5c6f7fb638454641a68213

SHA512
a3ba9e413fb1563e85767701050c8c7721ad05ff35d1c9ce543c312251af737a5d7039e64bad10f0406670071146ca2032c4042f8187e5f2408236438d23c779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
3KB

MD5
4fdeacfc3218bf599c6ff14da7e7f164

SHA1
ad197d42853d2854b89da3e41309d8d5cb308027

SHA256
05b5097c0a4c8548c73360e22fe7893be208334c97fc5bff0a64a3760bcfcbcf

SHA512
9dd8a7314e698170302510c47734523d4cca5eeb82db09cfd961c834bfd19b0cd3afeba6692f7691602679e98673dc37a99e7dcd9c36b946ea9be1b235e781b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
f243263f9f547d474a92d85a2f239b59

SHA1
a4c6b19d1f1e408fc18634e8d3648204f79de663

SHA256
af729127ea3e7270005de2c0865fbacf93ca7dc33e7b0140e93011ff421fb098

SHA512
2d4d61e15599577c12d85392574b9edb34fb728b8c3d16db3b51f41dcf6f4896705cb045d6a28525f89aecfae04c477aaf2daceaa28026209a8d6e70ff2b3dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
71311350be5292056b58ff8c61f13c27

SHA1
4f7eb78827dbdd5428feaad4e7c756fefc401979

SHA256
d6e5d2133679ddd36a5df85c414b0ccc0a67c2e78e49ca03d14e67390680994d

SHA512
21b9bf5f2b0b6e068bced1a85ddd6c8109319885cebdd097489fabaa253cdca7c2b80a3c0821504cff0b18fda52402005ee452dbdfb8219ad0c49448a8fd9fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
5KB

MD5
498d310a428514d0ec82f49fe771430f

SHA1
9c0a1e131ef183615b0c47d7e54f0d03910923f6

SHA256
8178050dd4b109c96e88c6a9885dcfa21e1def787ebf0195e846dca4afaa1a9a

SHA512
69e9d42505d3f19180a9c88375f6aa690ef54bfd1a4ba99fdfd1b49086645995d9dc233dc211480d279374a98ee0ce78072ad66b3b1ef52fed07c59c88e7c20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
133f98b84b9dcc02f4a0744a9f7e4d75

SHA1
7affea769294fd6340f6a8f4231151eb4fab5927

SHA256
5e8891ec8d3cbc1cc303e6bc44d3116416e2aeaa44220fba271c31bd0f426dd0

SHA512
65948ae2a22b1472ca625cb21fbb06bb3438065ebc2a8b1e041535f708236b32f0aa37578ae8c009a2dc9c272290ca765c89bf952ed5215f11d089b2f0624307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
51b5fb73886e1684ee98351f54a745c8

SHA1
8197a522f8fef986a2484d634af54f75122b2257

SHA256
fdd9382e47292422fbeac68e6d5ec9ee29dbf0b0d33f2d274ae4301979208955

SHA512
77dfebcbe76177d1085f4101cef40c158e01be682049db6426a8b375c93f838dee6db8b12c01d53e8638ad65a59b52c0cec9ff52ad0252484ed19dbb21e89943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

Filesize
27KB

MD5
c07b3c05ad25ace8b3111dbe09626848

SHA1
9f8b07050b7cc2e1c643321f6121ff2737a308b9

SHA256
c242c4bf436f4e7207b6551c560b36eead77c852735f226a0ab5f9c7ae897a56

SHA512
17c04a4839becadeecf80dcb419aa212a341a37ba137fa0837be64ceb4138b6ba4af66707b3bc5bc1e69e442b03223a6a5b3be45292da3b8dd26f9e8c6cee190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

Filesize
2KB

MD5
c39edcf5cae56c226547633380106c72

SHA1
371997cedcd22ae073afa3b415aef4a585aaf8a3

SHA256
b92cf762d8db501085bcdea2667d8060649ed940c377e32e0d896fec0eced2e5

SHA512
bc62d8e03363c43847dec95ffe9073a4c59dad2b43038ade0e96439e7091acc320c9c136dc16c940b4e2abfa0d3451a79384d2cac2aff91de194a3eeba8f0061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
f0fffbb94f3fedc9892b3f0b8eba2b1c

SHA1
2015ad8560e64b02f52c43ef84ebeb260b4614b2

SHA256
bb13e4f2a732f55f2ab8b54ffbc2aa3b30cbbe22d241a94e6f433cff5615790b

SHA512
d423fd18c4d26a69a35afb648c625ea0e8229df04cb0120a1e99e10ed9b27d0620dd696e4c879fdd4219d4a60ab4f40a96be0ece67bc005b9a9baa27d0a7c36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8551150be49776f3_0

Filesize
3KB

MD5
b34a347e87ed4f1c78d7a84e80330cf0

SHA1
c3cdebdb9ece6cf5a4bbceb486b563d7d061dde7

SHA256
8e0a7876fcf768dd2cae35a9b7177828176f51e039e4995616764d2cd9f0f58b

SHA512
b6580e4de94cd918ba350c1c3fdba6b55c9fb5a35677e50dd55f2fe4631c305552d4725679df75266438b6d28f35d37e2759112264723e1f2a0eed690e6ee35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
52299578dd265bd037e2668f7ca4eaf2

SHA1
b5cd40f68b788bf0dccf650b0024d05a5fc3caae

SHA256
9488f5a8f165143ef52bf3d43e325d38a300f916c4baf508f511cf8e17f6dc67

SHA512
4b5b34094487522c3a803d2137cd5500b63e0fdb1a5df440b3915877e119c935f2df04cdd67c8f2876ca38473fcb3c4a0eed480157b68f2bbf49d01cfafddb0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
1bbef258108f692b0f3a5f574bd74fca

SHA1
14e4f5abafb5bd2db05e555b083252c1edae6770

SHA256
93c95de5fad2a9763e78b25fb7be0355a38ae8575317f395ede928a678cf6638

SHA512
23e16810cb699b10e4ec67af1a15b474f0844289693feebba2de27c617b4b394993d54c95177ed569e0b3f6203c4f0cbe7aab9b067f3c84b6817e62265e9a686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
422e6395e8e5f4177f82e58bcfaa77b6

SHA1
bd7e07b9d59245cb9e976c4e2e828e6b86fbeeb3

SHA256
9b9f1bef116ec1e98a8b648b02f5c74904e45149d71715bf7ad8ecb16748fc83

SHA512
4d969873b6f90df2cb860b212a179fb5ab0cc04203dea4b6b646a514ef24f493ad3089ab01a51ccc010afe01bbcd742ed751eddd3b2f353e41e3a64b8c49569e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
ca8921ad0d89e097026870fd243fe649

SHA1
d5ff421ba39132deb34e6af671303ce7d080825f

SHA256
1f51ad56e165e778dcc2de43de3e4155751ca8eb06b33232d096d63a303b302a

SHA512
d21c4a2d777816aaca9842dfc709c8ed5778caf068c58a85ec92bc9c6c411daf70acc26f6854c6c2b339a26702bcf6650b53225f5c7d2f24de5f722b2ca5236a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
a3f21fa32d77cc04c3fe00b546917d83

SHA1
4934d9d8044d65c57546f213cc19496592b34fa1

SHA256
4a82a53fb127cc722251c4595a8712f0ea19cb08dd32a3a0dfc3c595e4396bd9

SHA512
74a78dd3e519cf4c1de9e108e67755f5adf32d20cd323793ca7b7ad2f95e63d8d97578f2dc02addc02eb6f52cfb3bc981aefbbeb5dd4940c57051ccac5d4e3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
fb24630cc44810294232cff8847ecf57

SHA1
81dc0667470e548ee6293730af6c3d3b577ee86d

SHA256
c31803d1aeb54504042802af87e1d34e634eca7ab8c0dfbdf724e908bba2f23b

SHA512
7acf3f4ef10dc4b0c57b18e54c9cf62f6f818815d428c3adecab95ecd00c7a2bd0f0e8a8d69f990fd62527c7ff51e075fd6a1a0e661f29e1a3f126e630506bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

Filesize
2KB

MD5
93ea35a94bc3efcebbae022c2ea330ce

SHA1
6b3fe831e18b88d576cd9f1139e3523675559247

SHA256
eb11c4a156aded544abe6c8446d958646753ba70170f081d96b3f6c79fbcd6b3

SHA512
28ead76bd7f832bad15fd809b26a6611bf24c5b1e5ce9568954ad05d161fb7de65d6672c6e1bd246eb7b9bcbeebd120f3b3e81f55abcc193a72dc9af1a42e87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bcfed826403e92d3_0

Filesize
374KB

MD5
564f7b0f82564f6ff291266629cf0c14

SHA1
b76bd27db70219873fd8ff31fbbfa81facd16b76

SHA256
534a732a5f5001957eed938adf3d6aae19dab891882290b8b4931c0729273293

SHA512
0894159a534ea85e2761d15e8f16630065141184a6f2023207465fc5d5a35a034e5d36c65bb6252a618553d69e49e25001be9a37bf93baa01983b841fe6b9013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
e78d832f360658a899d7bffb702e8f01

SHA1
0288244c66678e5ca21b7c843bc94718e58d7c27

SHA256
837686809b2b5d5acf6b2cb7d106876d67bcd4865050658fa2e23b3960a1ef4b

SHA512
910e80d659506518196cfd44a06d420b7f6de7c09c839a20ea92562989cb957411e10a4aeb04bf7798b23ea26c52c81f29ec37a4701e9f1c65577002583db39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0

Filesize
2KB

MD5
82e659bffe1b6463e5d74f4aaea32e68

SHA1
c8079a7c13fa0d5d4c1a101585fa0cb3a5c865c5

SHA256
d99b901268cec19d6b46a2e5988bdf6fc6e5dc9cc4cb187956f8e69128e2022b

SHA512
dba4e1ac0489a5d8aa88fed563f1d0a5941b8468266feff38bbf55f37ea68ec9f1e6f9ec3a29188299d7ccd60494debc76f0b86ecc9b8836bf3958355e98fd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c74576f8d7ab2ed3_0

Filesize
210KB

MD5
71b19f90005d44adaac9751aaed00b91

SHA1
8a19d70da3bda8bc9d74ee8c900c8cf07dcaf257

SHA256
7a3b5725cc848959cbb67991a49624e60d4fd6c120447a5d02ef5045b63fc3cb

SHA512
4a703a5931be5a5c2f5cde6863c37021df61a154880b63ca9150be1f0583e2cf20458edf26cf9a4468c86bc2574bcfde360dc77c07ee51e926442377bc82a031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
bb1acdd5d02eaf31fed799b92cf2bb03

SHA1
3018cbe6f697c80af86438aee8a5920183ad3529

SHA256
f19fcb8b1bf8ecbbb869c82207bd2fe6d0100017a8e9514609af78876be19a35

SHA512
465df82b5f93b79c7861ee433602cea2eb15f0ad9266f09222f2a213152503a014f3fe72e451121feab7a08d3bde60333fb0e018827269ddd1ed7b79e7077ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
b35b644376627b62ff3338a6fe060538

SHA1
3b19fec32a9637b83217a77640eb62165a58a408

SHA256
e83cc5e56f237d3181a50cbe0353323990b20dc1b69cff68bcc7bc15ba24b536

SHA512
ada39abd7a684b82e2b15651bbcbb325df602281e4685436407ccdc0c6ba999ad4bb44d5cfd1370882d3d9d1ce64e909bd72cf6d62abe30647c26258c646f963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc89a393ba7fa34e_0

Filesize
3KB

MD5
3be734fce6008bd59e7e579a3f851848

SHA1
d6fa2155dd1b5c2666b4c71fb25dd5db28cf590c

SHA256
6552015386dc1025560457698888a704f781e1737a0f772e66492a2485583dac

SHA512
fce4101128dbfc737c2c2868f71870b3c2b4023a9e8f275b8d364563efd58a9114477445f1b5d4fb0869e6db7c2d4cf1966c65c4feea4fc7a00b0f428c0fe1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
cd3abe298c1d7c6f5f3258842aeebc86

SHA1
420b2efa6e9164f3fb2835a82e06575c6a5c6b08

SHA256
af277992eb39bcd7501189da65580e29df151972d56d2d574c5c9a9abd573612

SHA512
d4c6ca3621bd49f5747df51ec6c20ac098850a39f30f5fdb29fcce0a721c0ed7458689e4f73b8a6e07239010331e6bc95c0d3971cf58810acfc047621260ddbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d450eeb20ba46f53_0

Filesize
294B

MD5
f12ef836606305620e8c10c6986ae657

SHA1
74ed8e4ff83ecbbe7deef5deceb83accadab8f01

SHA256
7f412ac6e6c54ca4f79109b4a8dd4716452f2e470edf77ed51917c3d584d2872

SHA512
ed24e2bb1d26dc2dedeba2710edee91b99d878ac98865f38c74ec003eb219abc65638efddeae6618b9d1b1d810f2e6a7dcbdf3313d90e163738293335ab50d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

Filesize
2KB

MD5
b702c37b5627c8a13a3f551cea6c4be2

SHA1
84735f5a7950091c704eb3d735b550c1ec75ce22

SHA256
ed244083d0a1c157a3b92adb03a56708efb5ecd7d09c293f11816e02ad1a80de

SHA512
5a43397c30ee7bad489ff9044766de9a233c3cc27a2f14844431b8d9c8a58055bc36b1901deb121d57421325d7df0e794630be2fb18adb24793129bb40d15966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
1790fc91c4d792d3d6fe724e543368f1

SHA1
12a32b8dea7b8cc901cd1c15fad0fec0de497f28

SHA256
0ef947d96c7abca3339e2f7a922e2878e3bd8f076646b527c9f545a4ddc71fa0

SHA512
c6bdea1935690f1286e6896b7221046ecc8704c3cf8ead7fe1a13032bc6d8a970bc6da513415f2cf11677ae9899bc7881c41b4c8430069c8c1597888a2dde451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
29KB

MD5
e43c1d0f1182e7664caabbe702431578

SHA1
e85daa7a32ed494fe08afa45428e5649a131b659

SHA256
d8306469e0d7530d6afb7f895ee8b02e485e3cbdbeaba1c8983f674e54714f20

SHA512
c627ebb2cdc49638012f6efc39334cedcf9db142d660f9b9dcfc5252b3fac729297620f09b97b4ea5e9241031da159c416bb689cce7f088b0320695519c6071f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df368a7f8fd56df6_0

Filesize
278B

MD5
d8cf374d8ab2edaca1d8c6df638ebaca

SHA1
0a04416fb1a62ca1daf9742ffc49169455fd736c

SHA256
07b20de862042eb02e52e2624cebd7f4e09d7757ad477b5ed201afa553dd0695

SHA512
0a92933637dec11619f8ff5239d4d86e8a55a84fea0b37c71a820d9cb3149c0ea5fc128ac2e52484a191078133a5f78247ca29a8b84e9b97510c052f0daa5cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
fc96984c16e10361d9e75cdb262458c0

SHA1
393309b8b1618faf7261a117c87165310044be26

SHA256
7513af650a3079f5d8f665d51f55b64556505c6255a63a160f19543bf8e3ebe6

SHA512
211104dc33e9933fe484fd93707533df15471a1879ccfd75c8ec70b8f1ca9a5a93b595ce71e550f590df83f98d3a607c3fd010b1c66db05700a22da7d8f43666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4e76d992ce193c3_0

Filesize
55KB

MD5
4cdbe7e07bfd85a77e1219e880b6287b

SHA1
4d62cda2d5c0c266ec42c246231a030f49adb5de

SHA256
cadff1324bdac90199d92b97ca7ccb73b42995b45ad38540e15255e53cb73ef6

SHA512
8df2b41d5b8c89d0ad4ae1e7dcb8a59138ce7bcede65baf426da63f6dcc2b6d0f879263780ba907a05a50ce6ed8e1d2ff83d2e52f6cf2cee5d7ffcb6eafd1299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
48KB

MD5
cd3134b08433588c0976ba27c068911c

SHA1
0819fa86cc07aedddbc6690be5e912bbb7079949

SHA256
45d038e7bef754a899c8fc5a10ad66ec336c3a73f6a48b3a5e1d0078104d0094

SHA512
687a87bb1cdeee49fcf704f6930123a24f41b32a27e69ad6450183d27bc99f0c25cd2f92f3acafe84c624a9661c517c4db9d8a6c7b3c8510979e412d58615b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2bbe91ee05d4b26_0

Filesize
14KB

MD5
82ed998e2eea9feafb8fb57f4583cb6a

SHA1
f463a52b6c4902fd865a18d321208db6e5709478

SHA256
bf1cdccf27dc31e47b3f626e27b5e3838784be6e5fac0e83b65095e6ee009ea1

SHA512
980237f8a70fa938c1e06e1817ff004a336600cffe45b0038c6f9326f23e02dd426b74e4ff855f14e04da7acef97d95bf0ea817cede8a0590c2491e72eb6a995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
82ce244a3aad3df82276bc9e077c6f3f

SHA1
ffb53c8fec0f7a509e144f32c978477190f645b1

SHA256
fc132358058368c6e247fd0145c33da65c9b4de00458c7343058a4ac21767468

SHA512
8327b89800f38d0c8505978254847844ed82f9de7b3ad0ac63adee728a3ca23bc265c2b01b10636e76936074ee2642e7fc02f5c9d54312946e0d0ae1c155b00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7e98dc87f7b1169_0

Filesize
22KB

MD5
1afab21c23d18ac6a01c11ed93cc9173

SHA1
c767f9b60e1246fb6f8933ec786f07e2f2efbf8d

SHA256
7dfc4830dc1b80fac5ede5431fcaaa35daad682e253d32a187261198d98fdeff

SHA512
70fefc29f177f2bf340466d12aa9f588ecb30f93d80fdbfa0e246cac69b5a6d783a08ee770a624f364e4b4378ac9c3e7a6dfab3f882335afdca903ba072a36d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
26KB

MD5
d236630e3ea1f225b52b405a54f3d9eb

SHA1
7051e760a5daef08d6fc69a3c88753420970c96b

SHA256
151f05b355632c50dbd5bf89ec6f2e34d764a5e1524f25d5fa1262df9bce4ea3

SHA512
6c3e40c84bd19d53c3b12415b3ca6979adb054da50ac1c7c8acd75fce3904675f6b3106d24334720f52b7f5077a7752fe5feb7ae81d9ddb925b412cf818bce97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
7KB

MD5
e696b1fef2c51eeec2bd38bce7271032

SHA1
f9eb06e0637714895ddab415f791917f52e9880f

SHA256
d6e2eeccee2b4c7607c520d5946622bf96c67a0e8e3d1c7c91a09d580a50273b

SHA512
66615fb77ca48ea2d1ce9eba5571e144b543e30ab235d555156f5f4b15991fc8117ca430d71da7cdd0f655ad46c74f35be70af87e16a542e28f3567b0d6926f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ef5a5261398b79b512da03e38199d81e

SHA1
d8a34af7c187914790726b253178b57a7e8bfd96

SHA256
5b5b988f09da6221b562654dea62f7d7266e3e7e1382f0b44ce51d6ecc19b4de

SHA512
b810ff5d678c9bb74540e55c4f3d0d837e547d1caeec703c9fce25181aa2fda1af1f5ddf64923037583dd39c109e3cf7ccf8308005028cbc251df4a0b78ea232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1ae32f5eeea800c4ec7c685236925fdb

SHA1
119d57f1523feedd12d24f35fdf4721d6cab811b

SHA256
6d8548f7e1151244a2604c22c7dd2b0f7cebac05da64211c18df9ac86c3638ee

SHA512
5a806500d6446c95a2fe9a7d365dc83fb9ccb98360f474c9b1d2a1cdc7a9268119658b8d2803d67739b1de5f649e08f1769dc6165a5f76bb26080be729ac620e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e2069274851974ff3f6dbc681f06b557

SHA1
c738e17e33ae038cc3d5f450289658db959692a3

SHA256
506507457595f52fc02166035c5b45ae4697e528b4f0a32e58b09c54a072f3d7

SHA512
da450cd7ab30a9c4822ab551f3663a965880f85cfc19a1eb626ac8c8e0acc0baa358c580407882f622f0f829bede974827e974d1469145033fac916ae73df973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
c90d3a6b50ac30303e7bc9f35b71203d

SHA1
7e5c42c7714024c61263e4da6fb28615ed12d6ca

SHA256
694c6cd9d3ec4f4a1395bfdae5926bc880ce098bbe9244744bad64c860c9a7fb

SHA512
ea62872b25c25c9e7da896c97e0f0b69237e240c410d5d2ed734f002e3b054e6a60851af3abfda9de2b3103c7880e36d25c05abd0264a5c6206f3ecd680e0a89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5b10fe8a794f56fd8d4f98290c45c1a5

SHA1
551719d6e31f90ce196334ddf9ba396f4fe24637

SHA256
d80dc558eed5e99a46aae8a8549cb278613d8be1d063c3eb7a98f55e1f7ad88e

SHA512
e1b9136efe707e370310097dd9a6071afa9fa7390fe7eb4c442b09477e900418f663fcc8d9c43a9fa75ca165d96bd1c982d7985105d0961c9411feae67448dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
29daf19ba2498369f532b680ec29f4b6

SHA1
828542f05b0394ae384dfed3821be28c8c9df3ca

SHA256
c9a48b64154479d38e573881551120397d0c8cf9885dcf6f4fdeb1045ade9681

SHA512
357b772021086142430838b12d7351dec50ba0c429e98b3d31d90443b0a33adfde4685063b5ba9d7776363a29171ba1043b512c0236a9fbae6e4cdf5a942ab0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
5a8a38903ca4cffbb37f842a408c9991

SHA1
0a73d371f74ebc24605ef9f9055c4652d731c6f3

SHA256
f95113e525be49195ee373c603bc60217b9e1b8e9d702f94a6c6a271eb59ad45

SHA512
a1cde3a3729ce106f425cf35825d45c89c5f0a66503cea884de92aabe926c10230cb8e2450fcfecbc39046444d9c11a195c054c0a214b29ae725b46166ec5383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
e393317e1000b3ef7cb9ac3f447a8f43

SHA1
ddfd20da06adfbaff12515272647a05a126354f1

SHA256
3ae3e30d4a27e79ac9f2af549c7b77c013e84998f3007d6353cdd1b5ddbd6480

SHA512
deeeeada473218310abfac5aa018292291feb50b7d63beb259803ff2dcdd1af4ac9cbbee0ed0716965cd8decda79b7c4f5d4fd4237aa56c228ae1047213ece37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
268f7cfdd6d9a0672a40da7b1d8387a7

SHA1
e230deb212d5e5f5f8e5a25cb1ae86e81210523f

SHA256
130abf44e18ff8d6a225372c54cdfff7085288184f5e9b3b847b60c8a1b6ea02

SHA512
b4edf7130063c96559935028500b5b2dc78d6b70d10462818d114cb0676a6ef25fa6c154ce02e6946eeb25e7f518ae9fc538a88447a361e47a9eb70776b069cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18d53dde05ffe5b82590bd91bf79bf15

SHA1
919d9104749bb07434db74bf808e8c4a40c736fe

SHA256
acc2843687a1dcd677f3d9b21637a40df4cc9c8656afbe9ab14aba738d69b811

SHA512
7f75f7a258bb9312877a8e9772ba3e8a09d862c326ffc9d69feb76b34ab8a0f2e6b9560f8dbb0c795696d5fccf2736ea313dff8ffab25d846471be1ff824a7e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
016b09b26f633f9f45494fd450ce91d7

SHA1
0d5c817f4ec055bd2eb108328cce92ec47c71edc

SHA256
4e22c4b1ba48b251e370734d041a031cefd8886a9f1565edb70325854ca4b7c4

SHA512
3f11100a7e84074e568271e2b583f5518d89939e8a8844ae38d57c95bedcade723d24267fd25fbbdbe70ce65ecf4be1baecd353101988f503b50ed1db53938cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4ae5e875b9df7e59f785654a0048646c

SHA1
6c9ee95c1e999800e21a7fa6da4e0dd0813c82f4

SHA256
005b632c7eb3094269eace128006bbdddb8aeb355d002fddcc05a44a7e59a13d

SHA512
30a4a8331aa5cd4ac1277e4593593b5c8f7349ff298b8464c571a9bb9c279a5b35185d1040cd4bba8f789c3ab6e9bf625d943642dfe413fe54805a7339327ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
ae5d00761089b71b3b02fe1ead75a0f0

SHA1
ae2d551cb806eda98455c1628de1feee67ee8d17

SHA256
b22e0a1b3bbf1300740d34a4de8d92e948d7ca55693fcef2961add548ed123b5

SHA512
d6122b1797470df05f88618da2afbb1d4eb1cc3acf34f380a600f2e9067bebc8918ab3001b7208344e0136249ee4d47d40d525dbf1475442930b79a199088682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
cf50570f73913b1801860ed1145c23fc

SHA1
7aa4754df583e47ec8f593f4e0f23010089d88e9

SHA256
fca396079c7f509e6444dfb1d88f8982d1617c1025d10d4c538bb27818d9c33a

SHA512
d5149c6f15473d44e261b83e82749e7a132172a702c00581f182fa2a423216454091969f49a524cbe4d16e6970d3673bfbc110a62dd5d9eeeb49ea5cb56f401d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
0ac4bf694885766cf1c5bdff47d6d276

SHA1
0beae13bb79d4438b1359f32203385d4a92e06ab

SHA256
1ffbaf6cdeab480dd32a37c3822e458b3d8d417f41d4458ead7c0697407407b4

SHA512
9361584edbfd09374d93ce40c46268e77d245eab1f2ba3ff9e74ed148623f5cf00d88912680779650bdb825c787122181f362e324fe5a95f11a63f41e0ceb912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
4af5c2682bc65f1e015fb345af235727

SHA1
0e83e74b8d7e33e5236f77935a468ce94eeeb39f

SHA256
0673ad7994a6b3ef1e55545baa706b1720854a749f27a685ce49eb4aee9a3c57

SHA512
73d26d5ac604bb7ee2b0b08b3d87ad9ae62de59b71ca38ee6f3c933d57e1dfee38534a14fb8b7c29dcb845e6ea4d02724f47ebfa9a5c8b2b220414d518a44348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
2c95e54e6bd472324370dee7f245c845

SHA1
6c6768266698339492e75a120623ff0cc36f51d3

SHA256
7cc384b4a84347bdcbe5c6e586f49d07852cd591f14f935843c4eefaa3e5e39c

SHA512
22b7a7630414b39bc8b206cd1b5ab5a919756c0c83dbf3c4da5442bda44249c2fc5fd0ef5370780a668f112b1827a787522232084e0d526e0ccebdd45ef6741f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f33c99d4484aeec6335f71ec8466222c

SHA1
23f53305a07cc9436e5b815662807eb35221e1a7

SHA256
9278dadc099afc9204ea2d3a9bb6c2e13918ce352bd1ce835ef99c02ab644712

SHA512
43c65fa35b3950c57209d47c89f7ff87f4b43730ea932ed27eefe9b476d4c69def99644556b9b76cf34d3acc08093582832aa7a429a0fa0c5d7875d51557e7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
8ff746c16eb0019636a11d1752b71066

SHA1
81f7b7f2d38330bdf91dc993b238e39a58783453

SHA256
569e1872ac496be8fca0f1b7955b181d425465ea04836aa0d04043e869924abf

SHA512
cbd384a7c271de6a1caa00ded88cb7d41775bf5f8cba7124c01e071a0e7d6b06922ebf8cecce022ac08a6658f6b9fba364b12961d0668603f9c9e93a08049fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
70730b8f0bfde9649c231e674515d306

SHA1
21256d71a2462098c7e9434b08c291af18101b3b

SHA256
a24b1ec44fb31b0f6e4778d93fb93f8ec277fbbeb14d4cb25294d3cd9ca6ca9d

SHA512
29dc0dba57035548e4ec0d9aca65fa6f4cf096ebf7b6ab6d38e2baa35520c08536dc9bcdc55818524a701b688fd06fd68ee0068a9c60fab893caead27302dd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2406e40df4f374df18af59c13893fc6c

SHA1
77c336c86ff8e260b0df30dd1d1babd1562247d7

SHA256
e93fc260ee708396175cd357502a1063f8acb153cae120cf74c06371187f88bf

SHA512
9067f916853ba54489368d7eef812aee3ab0f80c290103bdb86924c5db69403e106558580c51887e3ca59160888997114ae45c7cd30a8b1a454d12a5d3a64798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
5401d6b72a12c070af6ed7760d330a5f

SHA1
702030b1969350eb46e9767c0b4084a210c26daa

SHA256
b6011de9c61528356dc1269b791d98f5ca38e7cf45f8f5a073a4e7e3daccd76b

SHA512
10f9f0dff94d71dd9528cca93b8ce23478baf31a9f31dda236b1ad3f977c7389b8c080677a469f0613dcafb733abd1000e7544ee030d221a2471f9a80d51d06a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
1e8fcb98fe092a1a4c746e9bd71dfb0d

SHA1
33f67d49ec67062fcd64da2014b03159a84324a6

SHA256
c624a677bfa38a8e49c5dc296ef06b0067338153d3c09a4be12c70f3303473e0

SHA512
fc231d344b3a55209505786e9fdbe6543aed5e6c861587a44a46bc6417fffb9d4ca4d3f8c0fc9d56816af040da4dc241add24a9bd1b7cc573a2aef4280f54634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
65aa67d0321224c4930c7c497c5e6c07

SHA1
db3fac14363825a4d1ddc2880ad301da6c06f22a

SHA256
fe122fc5c06bd7031eff05a28f4f75414a3c79c384572249afd329c8bae56aea

SHA512
f8aa5b73148b6624a241547675a4d095a307d02a5024ce668d5859f2a69c768efc04aa7f9d25d4449efbe76c1ea5518f01d315e015bce9c3036b1ffd81665090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
42b21a67666203fa6d458344c65a19fb

SHA1
366de19bfeb01be13ba051da69d3fb29e318872c

SHA256
b8c6fb4cc5bddd5456a15d629d3c0aa36aa813eed9d57c26c23b3ecb4b1c2b82

SHA512
2dfb0978bfe9da80f3fafef6b1dcec09084b9df4fac9a1865382a9f4a118b0d79a698e43d986d2dbb229b30111656058c6dbe582dd4d8a9af7a63aa2f2f260db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0d8ba64401556efee0fc8eb06fb27eac

SHA1
2f4cdb86c2568fe1023299b56b438c963871afdb

SHA256
60faf00a91ac4acd80ec22d2f843723e8d92d22529c13576e9b1d0eeb117bb2a

SHA512
737f41a8b45e8f490635d12a1514b85c9fead4111672d4130211ac29368897db3122159cd99a5252a2dc76a095cb04682a3503b6e779a609cc9f9e7e4d806233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cd374.TMP

Filesize
48B

MD5
c3e17b0cd014a57dbef4a089a74f4043

SHA1
c17eeaa4ef87d6010f376adb476aa76fee9b78af

SHA256
9061b757eacc52eb93ac8e008a42217c3a8db0bc899155ea69b8e1cdf5549e6d

SHA512
15a497ac9a4625fff21ad1c0b178cfb5874d616b49ced69596dca9b476b0b487feb600b9fce266308ab287e3c1300dca5d540eb9600728a15a68817466b19914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
64ab8f65f99ec439d0db503adfd4eb26

SHA1
e6a4530aacced90b9091f5430e5a8f3439fa4135

SHA256
7ceb9c8e778ce2bc06569ba76fb26c2ccc9609adb806b4040fab355a11b1990b

SHA512
aad7c63a72625ed43999ca71f91d90931446a2fe08b306b69b3cf251207dfaf1e8682da78dbe268c3139000de8f0248bd83307eea6ea536367ee30b98b5b293f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff7028572752635a73db4245843b9649

SHA1
029b283ca5c370e0173f493c623eeb8c9e8a28d8

SHA256
2d221072fd7acd20b51d57b644b9884896e34ea7bd4041f1c0cc68067dc2b11c

SHA512
ff77a0f244077579ae9372415f9df47951ee663d5df889ab9cce81f2ce2b9f498622f107425d0e5565a315b2b646a0aea84411ba8b0babfdb7a041303502fbdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c113934b2d0115cde547d2423d0b681

SHA1
34981e4e240c8c45a55bfba5d11e23818d2f30af

SHA256
619e78ac347275f143d00ede8d3e6aead3eb672bd0a83e87c9c72e08d6204168

SHA512
65b7e29ac7dff0f90d833eda44bc1dfaa1fb6ee2512406d0ae010e8ad7370b4f7097c1e8fcb9187cbc1999f142b19fea0f7a67dd02e8db962fa26ead662038f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ae37582cbc7a2eb60fbd21f6fb9bfe17

SHA1
aa44260c466fbd5a6f4986fafe51fa26290cbaeb

SHA256
7fe5933be57b4b223d14060999a18b0b2b7ddd8d9aa7c364c5bf5c9c7253d65a

SHA512
8644be5307899bb0c8642c299219c19b165914e53c68311df5d00af00b2ac0bb52fb2d49cd282baab8b551d96c041fa97e432334f20a6d6d8514882fce90584c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
91bdadab2e64c6c514b5da8a8f0c057e

SHA1
aa47908ea0a4a8d3eced5c2c073be917c7b9e74d

SHA256
01d217c349754d19eda042c39118ebb5b22a2a7e19b56f921985d0ebb1ef3e0a

SHA512
0c2bbd4320baa4ef470730f5403bb4ae0a50f20ef26f61edb84bc9c108a4d4a74533bcc33686999cf516e7c33eb9a4fd600b1dfc0b8dccd034b87eabc1d3d7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6e7f008108b26f9811039de890b47b9c

SHA1
4eadd52f324af447fe5b68aac55fc4c2e14e2ab4

SHA256
11f6a0a3a28b5ba9759f1561633a423daa358278a58af00c8fe6ab52c4f9dfcc

SHA512
54952ce6ba8e6ba859d496ba7e92ab39051cd126d4e087ce2bff3730dd447190a9419a3c26542059be9a86ec1e3ab45e29bea8d756af2517d4a3cdfa217a6be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5610ffb4927fdfa1a6700ad28704bf44

SHA1
b7f46e74287973eef6cbe8c66d6f1db412d99714

SHA256
56ad2950b83ed9d315cd3db97edcfda2feb9d49017fb4689395b66e49d41caef

SHA512
374b279241eaa7f3f0f02701dcfbb416e75fe22d3f3f17d52b7d3e02a5d830b5085af1d22ff96d6ebfeaf65f90a5568595433171bdb095d572b2a31fafe797fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
dd5df2cee3357f95ebbc8dd1864d45f3

SHA1
a94f163d073cb06a2ccdd523d4a121feb40dbd34

SHA256
d198f909861df5ee7cec78973cdb6b67d2b91bd29ca858f9172aac7362de6839

SHA512
414ea9fcb690cf70d1a4207b8f9cdc77e66a114ade7c0bbd5adad37fec66d95ee5ff7f28f6737ea75d442d2e7f2a7250639e95a4031d88e373292a02d425e66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2e6c7f18a5d4c9f37c28955573d0bb3e

SHA1
bb2c318bfe88275e92be5cca99e59aa623b0c9fa

SHA256
80e6a20b9d6297a80850bc32e46e72d6e15cfed2000e7fc978e995111c43cc0e

SHA512
76165fffa5e04d3f8ab07c393f9979d50c6903c1590101297560bbd3ffe2170dbc9d5003c6b18d5a5f76cbd78d560ee4d92ff50c6f8ad274893a438772a28910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3e793213e81519fb3d89961de9a28c1b

SHA1
43448652b7e9394a0f92ea775884f6749807fe5f

SHA256
5963b27b45b748e0e16cb14731a1c264e381ad76cf797bd739c592398f698fa0

SHA512
f77b4d0f907f421263af1944ffb2404a1d418b754c33611fc2c86ed3022154bb23d71a9f961461edff2955c79c4aa13eba6403a1df6d38a302c667fa967ed5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
08ed8c6e0ddacced33a7514a279e4440

SHA1
61c48b45a82585f23edcf676d2863ab0bc466ff9

SHA256
fb5e966ed43a0f97af7eb9a5d483817979c386c9962a5bb70e1a9b2b30fdc4e7

SHA512
ca2a5eb6a1887e837ae58b561d7064a5bb1843fcf8e56f6f9c976352ba712a9e4765021aa3ed7c200a932309a52088344257652f8be68c85fa7fd215c6561ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6b077232bcba9cf52c6a6bd8d1c88369

SHA1
e138d68ff0c10d1f73ce0e17e0a5b92563c85102

SHA256
847ad84ccde67767683424a822b409eb81a7a1c9e9e0c9cf3bc2d281f2c21009

SHA512
8abd8c652083fe1b35058719a3d7128ac258812e7ddff96c47222debeb88f5bcf2f39e236034d36ee691e4194e2af203bc6a1e66a661118a27bdcf140b447928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5548bb58ae60bc7179a87f187fe541e6

SHA1
5f8d781c771530bb704a2849ceaef599ff117e5d

SHA256
ca1d5d0c080b5c5ec7162cdfeefe442ec11e362df1f43fbc05ffd8e2977691ff

SHA512
4e52f22664f475b78d60e2e6ec12941c16b4edb1001b2dc8259289ce30f5ce015381a4374a334002fb414342743bc481f0db072967750945b3f6454d014c4a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d14f2.TMP

Filesize
1KB

MD5
f4ac843bab07cc7d6d5ae3216bedbe8e

SHA1
537995506ce804b51d235f5a07df203ced9a17f5

SHA256
5821edfa6f0316eb398cc9ec1e9532d778c19a1810894787fa5077e11227f50a

SHA512
51c8f3b19b2f4f524712752c3957d64142dde58d80b698939c7b0d19486a5e0e4d0fbbb37dfc7eca1cbe6be8599a464526bf8b20b32cf65c14c8100ac71b6c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f42dc73f-368f-444b-a6b5-36bc992a2c70.tmp

Filesize
5KB

MD5
595de947c904d045c6c6e34fb1613e1a

SHA1
3f3865d18049d9527c86e3b28ac11809e71930e5

SHA256
cda7ce81f3a60e4b3cc535f93629a888db8db5b6db0dfc39a4fe5e39105e76a3

SHA512
3aed128d5c0cb1c7a1ef6b4ddfaf2be95209a98935d9ba5ff7759b5ec1951ba807a4e14dc8257e47f62435da518bdcb8ed812a7b33a2cdbcd69cbba39f402a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5aefa1f06b632d7718cf1eee3017be76

SHA1
7d1ddaac4686de3970c447c2416f0f7b1c2883fc

SHA256
6bb30fc859dee219bca19ec08b28d44d98ed8c1a350e3cce239a0f3864f6b765

SHA512
4c42005faae51a232ecfd899ce7d97773b5c4018516546f1ed23c182204849782cbe34e55f1c595c95123446f0dadf15747ef4417ee8be39b5f64f3882869e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0546931f5e858d9bfe910d1db5d5fa7a

SHA1
c091b48b1b3ea1490e000e4a170b1425522ca9f3

SHA256
3ec453c4c58fb96c887357ec2e66c8251ac7e9adc0d2584c7113880347997e25

SHA512
dd1658380097bf6c763f37c178dbfc7f94832313110bad45a956f81cb1b3154110a721900dfdaecf27aaef384842d832a29986d3a6c6838389dbcf204a2ed1f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7104cd58f7752ab99a556b013b443339

SHA1
957362dc267568a0637f7c2aeac5ab636ddeb82d

SHA256
628fd7118e92c3ac532088d0ebb4a8f398c4a211cf4bbf0bdcde2c5b486f8b21

SHA512
b33dc0054f28870c5c4f2b0e294da5a10ee19298d71ea6b349d37d402491415d915eca0ed745c54a962ae349b781569ef5e604e00c7bc9f479d9ba23d1142e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9bc1f265b7a08ba87cfaf2f29c204475

SHA1
1d11492c816a3b77712422411513f4cf9ed8da05

SHA256
b5f7000c881b88cd5256d16e5bea2dbae919b796aa2f26d81b2bbe818e29909d

SHA512
9b65d437fa3575135f0f15c0a1275e741a5977d60e7cd5add143ce8edf0f9f01ad25d536329b884fb203949a6bd7e4f0f207d289a0ba4784556e730feb277e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b2fe9d800503a2146374ce17ad1b1205

SHA1
af4801a201d353d91c3375fb6d9869402e052849

SHA256
463c736545c551e61e408d601550e1e326e4a894543c4365ceda462dfded4517

SHA512
51330c3f8d1ef39c8a9479c73de4ef605ff4c07f668e034be46302514294e76f2d55118509cef7772be17c7a8abc288946bd04c912b81f10fa80ba3a14b62ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e7d316bfd865eaa8c41c61c3062b29b3

SHA1
56854153e799fd439af752a94e904bd09bc98977

SHA256
578e5bbb3b23d1d092fb8b7fa4c23597c521293361925c6c2a35360994d09fe0

SHA512
3be2392ce9392be439f6c57e7800a0e2ad83454ab561d5331cd904e00dc278771c4cc7cb88a167740b4be0005a0418ff2edf308a13bf50fc6fe938a8aa4a1c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5fb644122da6a939ec5d87f6d63e6d2c

SHA1
3df08c343c5d4eb2962692e62b461215ee157254

SHA256
6c24e380f0847787db390b2a42f7c82d0b570f125c775b0ad1baedf466dbdc7c

SHA512
c33453a0577b1febc00e9dd522d7c2c52ebb005f7e5acc4c559f480c3072fba6ac370301ec2d89b1a9bf8f731622e30bb99e937edabd5455da0919780e2747b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\Load.html

Filesize
2KB

MD5
1757c2d0841f85052f85d8d3cd03a827

SHA1
801b085330505bad85e7a5af69e6d15d962a7c3a

SHA256
3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35

SHA512
4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\common\js\common.js

Filesize
45KB

MD5
87daf84c22986fa441a388490e2ed220

SHA1
4eede8fb28a52e124261d8f3b10e6a40e89e5543

SHA256
787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23

SHA512
af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\common\js\external.js

Filesize
36B

MD5
140918feded87fe0a5563a4080071258

SHA1
9a45488c130eba3a9279393d27d4a81080d9b96a

SHA256
25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6

SHA512
56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\common\js\jquery-1.11.2.min.js

Filesize
93KB

MD5
9aecea3830b65ecad103ee84bd5fe294

SHA1
47ecdf62eb3cf45ba4867846cb61afa70369d23a

SHA256
a271a3f9e3cae897ced669d6652699e947928ef095e56384c4f9dd04bbb942ec

SHA512
754c25b5fc6a3e5d2027326c6814f229f9131396ea026a407dd16d092da6116bb0ee8971417463ba68268098dedc182b6fa10060ddda6ce063a5eca94be3c152

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\config\config.js

Filesize
5KB

MD5
34f8eb4ea7d667d961dccfa7cfd8d194

SHA1
80ca002efed52a92daeed1477f40c437a6541a07

SHA256
30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d

SHA512
b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\config\installerlist.js

Filesize
2KB

MD5
f90f74ad5b513b0c863f2a5d1c381c0b

SHA1
7ef91f2c0a7383bd4e76fd38c8dd2467abb41db7

SHA256
df2f68a1db705dc49b25faf1c04d69e84e214142389898110f6abb821a980dcc

SHA512
4e95032c4d3dbd5c5531d96a0e4c4688c4205255566a775679c5187422762a17cbca3e4b0068918dbf5e9bf148fc8594f8b747930e0634d10cc710bea9e6ff5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\config\installparams.js

Filesize
561B

MD5
8781e981e4797bb0d2bcf70d06320f18

SHA1
2c44415a13b27394d0a3edcb575ba96a0e70cf80

SHA256
03a4412a0cffc63fce7205bcb0b4489b5bce79de833c1d21c11c6760e4d508cc

SHA512
ffa95ee01a7ef18cb7febf6d268ac6e0dd06c4c6be1d7bde5bab04c5a54a93105a7b134637c3caba4c00748e193e92bd9933fc8eea10b12b7bdfd1e63c86046a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\config\stubparams.js

Filesize
37KB

MD5
91f6304d426d676ec9365c3e1ff249d5

SHA1
05a3456160862fbaf5b4a96aeb43c722e0a148da

SHA256
823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b

SHA512
530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\pages\Initialization\features.js

Filesize
506B

MD5
7e20d80564b5d02568a8c9f00868b863

SHA1
15391f96e1b003f3c790a460965ebce9fce40b8a

SHA256
cba5152c525188a27394b48761362a9e119ef3d79761358a1e42c879c2fe08cc

SHA512
74d333f518cabb97a84aab98fbc72da9ce07dd74d8aab877e749815c17c1b836db63061b7ac5928dc0bb3ffd54f9a1d14b8be7ed3a1ba7b86ee1776f82ba78e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\pages\Initialization\page.html

Filesize
2KB

MD5
b23411777957312ec2a28cf8da6bcb4a

SHA1
6dd3bdf8be0abb5cb8bf63a35de95c8304f5e7c7

SHA256
4d0bdf44125e8be91eecaba44c9b965be9b0d2cb8897f3f35e94f2a74912f074

SHA512
e520b4096949a6d7648c197a57f8ce5462adb2cc260ccac712e5b939e7d259f1eee0dfc782959f3ea689befce99cddf38b56a2cc140566870b045114e9b240dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5c9802\pages\Initialization\page.js

Filesize
2KB

MD5
50c3c85a9b0a5a57c534c48763f9d17e

SHA1
0455f60e056146082fd36d4aafe24fdbb61e2611

SHA256
0135163476d0eb025e0b26e9d6b673730b76b61d3fd7c8ffcd064fc2c0c0682a

SHA512
01fb800963516fd5b9f59a73e397f80daba1065c3d7186891523162b08559e93abf936f154fc84191bbadec0fa947d54b5b74c6981cebc987c8e90f83ddf22c4

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
12.6MB

MD5
c7f6e8c08c65385a17af18ce21d56cc2

SHA1
7acb27cc976e9f9e164c87db53a706ce120e009c

SHA256
05b3ce92a6bb7b468a3d6b4db47ac13c582c39825687b955425d323b733b568a

SHA512
da8d2d44c98be47d72fa495166de78e8fae25299e5cda18a4ae6912063a229d79fe9fc34125a510532696021fe88733179037fa70401d021f097288521b82f8c

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\Ransomware.Matsnu.zip

Filesize
62KB

MD5
0a3487070911228115f3a13e9da2cb89

SHA1
c2d57c288bc9951dee4cc289d15e18158ef3f725

SHA256
f73027dd665772cc94dbe22b15938260be61cbaad753efdccb61c4fa464645e0

SHA512
996f839d347d8983e01e6e94d2feb48f2308ab7410c6743a72b7ecff15b34a30cd12a5764c0470c77138cf8724d5641d03dd81793e28d47fe597f315e116fa77

Download Submit
C:\Users\Admin\Downloads\Ransomware.Petya.zip

Filesize
538KB

MD5
e8fb95ebb7e0db4c68a32947a74b5ff9

SHA1
6f93f85342aa3ea7dcbe69cfb55d48e5027b296c

SHA256
33ca487a65d38bad82dccfa0d076bad071466e4183562d0b1ad1a2e954667fe9

SHA512
a2dea77b0283f4ed987c4de8860a9822bfd030be9c3096cda54f6159a89d461099e58efbc767bb8c04ae21ddd4289da578f8d938d78f30d40f9bca6567087320

Download Submit
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 43805.crdownload

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 825415.crdownload

Filesize
2.8MB

MD5
6ad307f2c4bbd4ceaddede2ef728af34

SHA1
c2b423c4bc2a379cf3c40809d0230ed88155b331

SHA256
cd8101ef4ff962026efff97efd7abe38723d8e0f785c833ffb4e030a4d67650c

SHA512
36439867c6a82b00e4a9f63a9a0c303d342e1eb482fecfe8bf4cff206ec8cd943660de3e1eb695c89297396967c21d4197cdf71023db806b18c1873dd9110d0c

Download Submit
C:\Users\Admin\Downloads\WannaCry (1).EXE:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\katyusha.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit
C:\Users\Admin\Downloads\winrar-x64-710b2.exe

Filesize
3.6MB

MD5
3c9512d7311c9e872648ae9e3d2dbf11

SHA1
fb936c0d067106bc49f4dfae0ae884e7e783fd72

SHA256
e279e8e4c1239a734af40eddac745eebca791c0bfa68e67021a472b43fdfb32a

SHA512
acec6ae26528aafa90a4b4abbdca6f21bee23c0bf0b993fa562e40aa7870f24a0dd3cd162eab5ea92fb0faaf636309a4b9e11f5ce633950162ba76f853ca7aa4

Download Submit
C:\Users\Admin\Downloads\winrar-x64-710b2.exe:Zone.Identifier

Filesize
75B

MD5
cc0696988fb91d676adc27bf3949786d

SHA1
0561557bebafa161aff436b63f28e213b99d9c5a

SHA256
c95c0ffea82a8baa88cd2ef8b099ab37c1e78f64dcfaee17e22fa4ebda309e08

SHA512
a8316da6329998903726eb1bc4321f2e30458cc63cf1e2246623a44ce58a26ee7f84ce04c40651d36977ed38b55e12d426f86934b5a5340b7e4bfe1e5449e631

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Windows\Temp\ktsi.exe

Filesize
328KB

MD5
dd2e5fd5109c54cc90b30b88ec0c585a

SHA1
927dc541fd29ef6341b041321fe06bf04b0efcd7

SHA256
a3dabb63f11e208a0d1d9b43b3d2575e2dc2a7d87c14eb654d3062f3bc0ad12d

SHA512
20b19f742daf20de510b0232fb5f5bb231487d5e9da05b8e7037df79b7110c53b4db2e7969a6b978606e8dfd15b6d40eeae84e64b289f2b0f68dddbc8061441e

Download Submit
memory/2184-1696-0x0000000140000000-0x0000000140106000-memory.dmp

Filesize
1.0MB

Download
memory/2184-1695-0x0000000140000000-0x0000000140106000-memory.dmp

Filesize
1.0MB

Download
memory/3924-6897-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/5432-2070-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-6752-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-6762-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-5715-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-5485-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-6689-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-6839-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-5425-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-5171-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-8239-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-4899-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-8247-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-8259-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-6347-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-8115-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-5819-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-8186-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-1974-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-5779-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-8219-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-6254-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-6107-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5432-1617-0x0000000000400000-0x00000000006FB000-memory.dmp

Filesize
3.0MB

Download
memory/5928-8180-0x0000000072460000-0x000000007267C000-memory.dmp

Filesize
2.1MB

Download
memory/5928-8179-0x00000000727C0000-0x0000000072842000-memory.dmp

Filesize
520KB

Download
memory/5928-8181-0x0000000072700000-0x0000000072782000-memory.dmp

Filesize
520KB

Download
memory/5928-8205-0x0000000000A80000-0x0000000000D7E000-memory.dmp

Filesize
3.0MB

Download
memory/5928-8211-0x0000000072460000-0x000000007267C000-memory.dmp

Filesize
2.1MB

Download
memory/5928-8210-0x0000000072680000-0x00000000726F7000-memory.dmp

Filesize
476KB

Download
memory/5928-8209-0x0000000072700000-0x0000000072782000-memory.dmp

Filesize
520KB

Download
memory/5928-8208-0x0000000072790000-0x00000000727B2000-memory.dmp

Filesize
136KB

Download
memory/5928-8207-0x0000000073DF0000-0x0000000073E0C000-memory.dmp

Filesize
112KB

Download
memory/5928-8206-0x00000000727C0000-0x0000000072842000-memory.dmp

Filesize
520KB

Download
memory/5928-8182-0x0000000072790000-0x00000000727B2000-memory.dmp

Filesize
136KB

Download
memory/5928-8183-0x0000000000A80000-0x0000000000D7E000-memory.dmp

Filesize
3.0MB

Download
memory/5928-8232-0x0000000000A80000-0x0000000000D7E000-memory.dmp

Filesize
3.0MB

Download
memory/5928-8238-0x0000000072460000-0x000000007267C000-memory.dmp

Filesize
2.1MB

Download
memory/5928-8255-0x0000000072460000-0x000000007267C000-memory.dmp

Filesize
2.1MB

Download
memory/5928-8240-0x0000000000A80000-0x0000000000D7E000-memory.dmp

Filesize
3.0MB

Download
memory/5928-8246-0x0000000072460000-0x000000007267C000-memory.dmp

Filesize
2.1MB

Download
memory/5928-8249-0x0000000000A80000-0x0000000000D7E000-memory.dmp

Filesize
3.0MB

Download
memory/6024-3843-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/6024-4904-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/6024-3842-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/6024-1702-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download