cryptolocker | 56d9cb781bcc6ec4aa4933c98e8451d0ccbe41cfea832367dc4792fdf39603a3

Resubmissions

20-12-2024 18:09

241220-wrh5ea1lcx 6

19-12-2024 22:21

19-12-2024 22:19

17-12-2024 16:11

02-12-2024 04:02

Analysis

max time kernel
1800s
max time network
1800s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-12-2024 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bloxxed_v1 (1).exe
Size

172KB
MD5

66ddf5e574409a5999cc1dc528cc200a
SHA1

fd10666096fd8f56f7ff43fc13206a67d417c290
SHA256

56d9cb781bcc6ec4aa4933c98e8451d0ccbe41cfea832367dc4792fdf39603a3
SHA512

e4d4056e85ddb1f47ece180ea65864723c907fd233f9a2619be8f7b59291065c09d7c66160662a4be19797e2f9a9cc063895e771ddc97688c6dd366651ed66bc
SSDEEP

3072:GMobR7ezAjLOZvmX1i5GWp1icKAArDZz4N9GhbkrNEk1LzB:beR7eammGp0yN90QEs

Score

10^/10

cryptolocker wannacry defense_evasion discovery evasion execution impact motw persistence phishing ransomware spyware stealer trojan worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker
Cryptolocker family
cryptolocker
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD7090.tmp	WannaCry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD70A6.tmp	WannaCry.exe

Executes dropped EXE 31 IoCs

pid	Process
3372	CryptoLocker (1).exe
3972	{34184A33-0407-212E-3320-09040709E2C2}.exe
2316	{34184A33-0407-212E-3320-09040709E2C2}.exe
1448	CryptoLocker.exe
1972	WannaCry.exe
1184	!WannaDecryptor!.exe
3836	!WannaDecryptor!.exe
2920	!WannaDecryptor!.exe
2036	!WannaDecryptor!.exe
752	Tor_Browser_V14.0.3.exe
2464	firefox.exe
1080	firefox.exe
6036	firefox.exe
5092	firefox.exe
5736	firefox.exe
5788	tor.exe
232	firefox.exe
2736	firefox.exe
1060	firefox.exe
560	firefox.exe
748	firefox.exe
5840	firefox.exe
5552	firefox.exe
2084	firefox.exe
3804	firefox.exe
2836	firefox.exe
3624	firefox.exe
3888	firefox.exe
1680	firefox.exe
4332	firefox.exe
4156	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
752	Tor_Browser_V14.0.3.exe
752	Tor_Browser_V14.0.3.exe
752	Tor_Browser_V14.0.3.exe
2464	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
1080	firefox.exe
6036	firefox.exe
6036	firefox.exe
6036	firefox.exe
6036	firefox.exe
6036	firefox.exe
5092	firefox.exe
5092	firefox.exe
5092	firefox.exe
5092	firefox.exe
5092	firefox.exe
5736	firefox.exe
5736	firefox.exe
5736	firefox.exe
5736	firefox.exe
5736	firefox.exe
232	firefox.exe
232	firefox.exe
232	firefox.exe
232	firefox.exe
232	firefox.exe
2736	firefox.exe
2736	firefox.exe
2736	firefox.exe
2736	firefox.exe
2736	firefox.exe
5736	firefox.exe
5736	firefox.exe
1060	firefox.exe
2736	firefox.exe
2736	firefox.exe
1060	firefox.exe
1060	firefox.exe
1060	firefox.exe
1060	firefox.exe
232	firefox.exe
232	firefox.exe
1060	firefox.exe
1060	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
560	firefox.exe
748	firefox.exe
748	firefox.exe
748	firefox.exe
748	firefox.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	Bloxxed_v1 (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r"	WannaCry.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
70	raw.githubusercontent.com
71	raw.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
257	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp"	!WannaDecryptor!.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Tor_Browser_V14.0.3.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CryptoLocker (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
3996	taskkill.exe
4720	taskkill.exe
1280	taskkill.exe
1604	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133789255433671694"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Tor_Browser_V14.0.3.exe

NTFS ADS 21 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware (3).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 573627.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe\:Zone.Identifier:$DATA	CryptoLocker (1).exe
File opened for modification	C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware (2).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware (1).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\a (1).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\a (3).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 486584.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CryptoLocker (1).exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe\:SmartScreen:$DATA	CryptoLocker (1).exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 142128.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Tor_Browser_V14.0.3.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 186655.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\a (2).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 916753.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\post-download.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 796695.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\a.htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
1112	msedge.exe
1112	msedge.exe
1488	msedge.exe
1488	msedge.exe
2384	msedge.exe
2384	msedge.exe
3884	identity_helper.exe
3884	identity_helper.exe
3372	msedge.exe
3372	msedge.exe
3176	msedge.exe
3176	msedge.exe
4520	msedge.exe
4520	msedge.exe
1008	msedge.exe
1008	msedge.exe
3196	msedge.exe
3196	msedge.exe
4504	msedge.exe
4504	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4768	msedge.exe
4768	msedge.exe
3932	msedge.exe
3932	msedge.exe
2500	msedge.exe
2500	msedge.exe
2920	msedge.exe
2920	msedge.exe
996	msedge.exe
996	msedge.exe
5992	msedge.exe
5992	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
3848	chrome.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
3876	MiniSearchHost.exe
1184	!WannaDecryptor!.exe
1184	!WannaDecryptor!.exe
3836	!WannaDecryptor!.exe
3836	!WannaDecryptor!.exe
2920	!WannaDecryptor!.exe
2920	!WannaDecryptor!.exe
2036	!WannaDecryptor!.exe
2036	!WannaDecryptor!.exe
1080	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 3852	4284	Bloxxed_v1 (1).exe	77
PID 4284 wrote to memory of 3852	4284	Bloxxed_v1 (1).exe	77
PID 3848 wrote to memory of 3532	3848	chrome.exe	84
PID 3848 wrote to memory of 3532	3848	chrome.exe	84
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 4180	3848	chrome.exe	85
PID 3848 wrote to memory of 2356	3848	chrome.exe	86
PID 3848 wrote to memory of 2356	3848	chrome.exe	86
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87
PID 3848 wrote to memory of 4120	3848	chrome.exe	87

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Bloxxed_v1 (1).exe
"C:\Users\Admin\AppData\Local\Temp\Bloxxed_v1 (1).exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c bloxxedbyfronbypass1.93.bat
  2⤵
  PID:3852

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fa6ecc40,0x7ff9fa6ecc4c,0x7ff9fa6ecc58
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4284,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4256,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=2196,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5100,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5168,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3460,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=1496 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4724,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4736,i,674828562970322268,9264719420002216690,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1364

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa04f73cb8,0x7ffa04f73cc8,0x7ffa04f73cd8
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6320 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6948 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Users\Admin\Downloads\CryptoLocker (1).exe
  "C:\Users\Admin\Downloads\CryptoLocker (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:3372
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker (1).exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:3972
  - - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000234
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Users\Admin\Downloads\CryptoLocker.exe
  "C:\Users\Admin\Downloads\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Users\Admin\Downloads\WannaCry.exe
  "C:\Users\Admin\Downloads\WannaCry.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:1972
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 195731734452449.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1716
  - - C:\Windows\SysWOW64\cscript.exe
      cscript //nologo c.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:4752
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe f
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im MSExchange*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:3996
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Microsoft.Exchange.*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:4720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlserver.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1604
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlwriter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1280
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe c
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3836
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b !WannaDecryptor!.exe v
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1148
  - - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
      !WannaDecryptor!.exe v
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8772 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6936 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9152 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9760 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9860 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9368 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9612 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10204 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9984 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9600 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9236 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14086724996779882660,11846931020681523887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8060 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Users\Admin\Downloads\Tor_Browser_V14.0.3.exe
  "C:\Users\Admin\Downloads\Tor_Browser_V14.0.3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:752
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2464
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of SetWindowsHookEx
      PID:1080
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2580 -parentBuildID 20241125154204 -prefsHandle 2552 -prefMapHandle 2548 -prefsLen 21009 -prefMapSize 252047 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {53f07b06-b8c7-4821-8dbb-e21c22bc9911} 1080 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6036
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2100 -childID 1 -isForBrowser -prefsHandle 1948 -prefMapHandle 1848 -prefsLen 21821 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {471bea86-8fe4-4427-b6b5-33e6018f25e1} 1080 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5092
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:1ea5816194b3f2466068d1667196e5c2b968c37dcde08b703d3047806d +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1080 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:5788
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3356 -childID 2 -isForBrowser -prefsHandle 3348 -prefMapHandle 1564 -prefsLen 22589 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {240299b1-9384-4a34-ac0f-fffdd235db0f} 1080 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5736
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3724 -childID 3 -isForBrowser -prefsHandle 3568 -prefMapHandle 3572 -prefsLen 22665 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8049fbf3-bc20-45f1-af74-1d94144b12ae} 1080 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:232
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2132 -parentBuildID 20241125154204 -sandboxingKind 0 -prefsHandle 1928 -prefMapHandle 1908 -prefsLen 25411 -prefMapSize 252047 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {03856ed0-2e4c-4a53-a834-407ab957d715} 1080 utility
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        
        PID:2736
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3880 -parentBuildID 20241125154204 -prefsHandle 3652 -prefMapHandle 3620 -prefsLen 25411 -prefMapSize 252047 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {05c55f49-1c1f-4a4e-8eb0-569e8224e73a} 1080 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1060
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1928 -childID 4 -isForBrowser -prefsHandle 3076 -prefMapHandle 3652 -prefsLen 24122 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2502769d-3a21-45ff-83e7-c877e85f0c51} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:5840
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3880 -childID 5 -isForBrowser -prefsHandle 4448 -prefMapHandle 4452 -prefsLen 24122 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3be94968-281e-4922-a0e0-545bebe39722} 1080 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:560
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4620 -childID 6 -isForBrowser -prefsHandle 4628 -prefMapHandle 4632 -prefsLen 24122 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {82ff919b-e497-4367-b739-155f9d63d571} 1080 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:748
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4956 -childID 7 -isForBrowser -prefsHandle 4644 -prefMapHandle 2504 -prefsLen 24491 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7a1f72da-0084-45ff-b238-5c5bfd72d982} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:5552
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3368 -childID 8 -isForBrowser -prefsHandle 4824 -prefMapHandle 3356 -prefsLen 26106 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {726ad986-2227-491d-b807-1454626ddd92} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:2084
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1648 -childID 9 -isForBrowser -prefsHandle 1844 -prefMapHandle 4460 -prefsLen 24769 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {565635ee-6182-4b0b-847d-e22f9ce5eb0a} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:3804
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5064 -childID 10 -isForBrowser -prefsHandle 4092 -prefMapHandle 5268 -prefsLen 24769 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {67bb79c4-e370-434b-8f92-24d3e3bf76d8} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:2836
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4692 -childID 11 -isForBrowser -prefsHandle 5460 -prefMapHandle 5560 -prefsLen 24769 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {adac0cfa-a0af-4cb2-849f-b109536ee577} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:3624
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3628 -childID 12 -isForBrowser -prefsHandle 3364 -prefMapHandle 2352 -prefsLen 26106 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2c16c193-d941-45f6-b007-b7cc72c1dc3f} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:3888
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3524 -childID 13 -isForBrowser -prefsHandle 5160 -prefMapHandle 5576 -prefsLen 24769 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5edd6383-eef3-4f4f-8454-35f27f9227a7} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:1680
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4212 -childID 14 -isForBrowser -prefsHandle 5644 -prefMapHandle 5652 -prefsLen 24769 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5966ef1e-ae1f-426f-838c-9a56771f778d} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:4332
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5392 -childID 15 -isForBrowser -prefsHandle 4404 -prefMapHandle 5300 -prefsLen 24769 -prefMapSize 252047 -jsInitHandle 1228 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4adae5a6-471b-426c-9ded-ff4d44c4b0f9} 1080 tab
        5⤵
        Executes dropped EXE
        
        PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1636

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk

Filesize
590B

MD5
b1b7b3b6afc07b57227a4ad8ad4b9c33

SHA1
a7fb6738c38d14decd02db69c459bd81fdf7688e

SHA256
a08bcef1dcbea0ad65c10ffe97e96e247b32f753ed2b0d1a66bc221525012f54

SHA512
47f5fc9531c3167986d6378953074cd02738b9812ec0b23330c6a73346d23c7748450d778f4b6e654702c2eb769beae8a2c3d5988bcb11ad92ad293eff90631d

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
67fb316a219ef1e86ffee1e30639686d

SHA1
54cbd2be2d7912d67f151595c06fd04fc3707946

SHA256
f3f4037a1ce5d6a4c6ff38f38288b2e65ff0c0c252f83129711bf0ceae53078f

SHA512
477a78ebc749a4eaac1bed2599f2d2ad9e736095cf767b1b69b73df371626cb16c030c6c4c6a600e55022bdd21a68018b93a7b466a4f4c5d38f53fb10efed23a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\71d76fa3fe9c02ef_0

Filesize
280B

MD5
7c0722587eea5c62964b87ff107ff85b

SHA1
605c84c5473361556afdc04ed907180f3673c8a5

SHA256
2d85e25242e603e0d00e12c4416eda99f8d73d06023b9fed80a71a68bba9a607

SHA512
e59c50ac6642648c2666b6204889b638069ecfa07dfd3a787fd4e1285bd4d5467fb53e290797f017881092c265ba962b6e65d85ec726ebd24c143884e7ae4472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9087c57cba673a94_0

Filesize
19KB

MD5
e1be34f9d0ed7e7119ed1ae50ad7b7d3

SHA1
9678417ec257a3b1e856ea151020ed2670400642

SHA256
b582890347c54552ebb14123bbaaa2bcb0109406cd29faa5bb048eacb2e7e3c6

SHA512
cee7291b44993222b3807fe24977e695ca44e4d7d4bafe3423c4c7170c814fc730d2854ce309a954335e2b945371f6fed4615ee25f70a8d244daa367c42db830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d57625103830e3cb_0

Filesize
374KB

MD5
fcb1c4a1955dfa9c5bd1379f1ee6dfee

SHA1
b7b5e64b95f5e1dd897835802b52bcfa81a79512

SHA256
73aaa3643854e2691410df7077da19c3d74a2856b27d64d3efb859ace5b7a9b0

SHA512
7ad53e359061180335592f7b23c482ef7479835a30a2a229c908077fd0878158509c1e66684a0606fa6a9a22558ca8cb07918b1a3270b2b48003629fe3dbd58e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f3ae0d23e488645b_0

Filesize
289B

MD5
133a66406355c63572030551aafc6513

SHA1
a6f9f7fdf6906bf6e93a7ca3354a0aed1ac6fa76

SHA256
a463ec572a22e60b8763ac9cb6ba50830b63a62b62fe3c931c21c317091dfa83

SHA512
0fed394ebb2f5012531dd6c00debeb586c7e0059a7379ff1972ba0765c58e0284db429e3c3cd5be332badd6ef3bea09f435f8b1bd9aeb6b1857290ce59cfa6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fcfb988aec9d3048d77ff198c02a7120

SHA1
e69568b4e29076907fb648f07c19badbb37d774d

SHA256
de25f0d0c244e9a8d3570fbe6031f99a31fd92d7156c9deb583864342963d32b

SHA512
9d1da8ebd6f7c5f342232ca8afb93f7c7cda3629a163c944d0e35f809510fddd73588de42f29cfb480f8fa983d36bea7224821b256e2029692be5e0e6873dfa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a1991a5af66834a266ae05c927ca51c4

SHA1
514ac52727e2a670e6c9333eb380b76c5c45b907

SHA256
ff240c16812d4dd942ce497dac9eb4c6490319f27da32c23bb3d9d9bfa0f89fc

SHA512
1b6bfd3cd6da488289815d33690ec030c6ea63cd6de1acda830e8b6ce1163f9b50da90e5f0d893f67116366d1bb720fc153bd30b942b37546137df74a46d9f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a70cc659c76388b3236a206bed836e2b

SHA1
f3919f8d5f9e0bb7191b675ce990bf051a1c9daf

SHA256
2111a58d3fc35f51ef293d3a8abea37a093e3de3dc1bd593b83d820fadec4387

SHA512
54a0637ab2cf5888cf68b10c1621d0a3ea04a023f0a316e1523c3810826890a757c09b8ec8b435c0aa10947875db333924ac6e588f98f59410921ea9b16a7d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
993ce56b17c810d7164b4cda9e191bf3

SHA1
0a73fd96e5b1cd0af408a2a404e7d1bb412b0067

SHA256
7b1ee03081bb8586cf5a539d75d8ed5000c08dfb3d8617880e36d90ed31b7c30

SHA512
bac5b54409e7c335ca9fcde7acb4c63ef9c560c7981f7036e357ea58a8efb9a8e98112799e1d40a3bbf60836e7965ff52e4238972555735078ee8b89b77be0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0a2268374403c2ca1ec3dee5e5987756

SHA1
7a36aa706576f51668f985fccfb9cafb6b8b18f5

SHA256
a6fece632f038a2abc5d418156895b4dfcaba344019a888854a24c05438c1367

SHA512
c7fac46f6121ba32dfd55a6b70555b08b17aac77117466226b4a59db0ffeb141806bd2a9a1835da9f45c20b6552ea7f4b0fbefd9fd3c5503e0754bed3a7227f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
de393539258ef9f1d747e7053663cbb7

SHA1
d09ec7c556eb0ea5c2d37947987f94424aef72b7

SHA256
3c03cfc88cc363b797de30f5cc98da150e367e7cdde4e2953b42e6e904e7d630

SHA512
44c33c3c9aee22bbbcc217658efcefc0ae9eec19b44835016d1fd19d79ede82b08e5a99671612570cc81d94c85643f31951f6a9be2cfc28a872fa6eb98cf9bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3c71d7d3f85ad062ecefdf8b488db6e2

SHA1
6e1747e21883e307c758eeb9bca4df1e8922ce99

SHA256
d28ac1d9525adadd06f2806cfc6c27ae9f69f39ec570757256359c6a265d97dd

SHA512
a455a8d0aace8ba432db937a832b5874cd62aef4628ddb454ad59d381c7e25d72773490ea79e2eea0ac9fa952fc5bf1318ee233c0b774797927dc04569243bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a44da526eaca68ec3e73964e6ebca468

SHA1
93504f07ab5b361f6187b93969defcc41551a631

SHA256
f7a13be37d15bd7d68f6e915586ef2780233790a54231143e7d230f63e5ad231

SHA512
18027b5c061cd22a73b5b14409cf80828ec8c62cffb8e0903d356d73e5f54e414ae700bd1cf70093e2f00e1729051355dbbad52a04372a931a37dfb050abb8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0b8025c3e0dc7a245791a7298857fa8d

SHA1
90967f8550c76377dd29d9d11ee4f4eab567d7c7

SHA256
d1318a8dada95e6df52ff83d616affbfd1a9a2cacd067d009e9c5e22e50246c8

SHA512
da4cacf49e6a655a899bad4789cf6eced9dd51ff99c8de8f42feebbd265082a43664438edcb5746dffdd38c58b2990567b91bf7bd787f87f3bfb362332a237d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e717018f982db91661d3015926d91995

SHA1
599502f9248ccef4b572cd0e65fcff41715c4fe9

SHA256
0d9156490b1961fcd139ad6dd078c474a50f279218bb7eb324929e3217310888

SHA512
3ff199bf70dfae8aea8e0805b68ba9d601db6baf5237d33056f4720a0f84554886e8104e7e79f12901b5f2fbd0ec3d13448796e11b3713f476cd8fdc135b0b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2ee5ece0bbaa857581ad785e175848b

SHA1
bac5759b07be3e5d9b0b12aebaebe6de777a20c1

SHA256
c4fab85059f3c131efdbaac0894c3b6f6f3d0116e34d013c6fca5003f6f4f074

SHA512
d2b893d5c2c6199eea93cb46fae69716b2828e15d2f878c5434098d9076e0c3d76a817473eef5f9baa64c2e85a743e69d3dfbfc49922a02193d79ce445469e99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6a4c04ca1a4a92b8dfa5317d09e48ee

SHA1
9ea098b0c3e699b779e50715c94710dbd67bcb20

SHA256
4649a0954ade9e91d8ae4b675827bf4a85651071030e795cc75f0caa19ea8d58

SHA512
b143f926636aff9a9d9c7bec42070765afb9436e072adce8163d93a566a14067cf503293e0e0a2dc53b7005318e0020dbf0af31b40dadd4f83a95baf5e60c688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f89cb4cc41d2222bd28a49f06fddec3

SHA1
d629435c4003decc5f671484ae21204a9ac29b4d

SHA256
b40143c25a6064e68fa39c0ddbb4cc4c5ff9a237ad6a02a2365dcfa0310c66df

SHA512
4fbe7f621ada240ddde3e7bdc2a4d4f51dd411bc4a5e05f8311b978d3c1a7c24e8bc7554fd0676fc74a0ff5774bafc83405df44f3594e456217bb79b636e0b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7783cdd89f1b69a044f554bb167794e9

SHA1
2a340bdfede14d12d06aa1c117dcfc2d0f70c41c

SHA256
cb56e3b9b761ec25ccfdc48ca119c1bd245949a13339e2d8649c98e24eea9c36

SHA512
f3d3876b1df3a4607aa8702cc8dfd4421126d605120dd5fff9dff24365ef0f1af884d21d840f80c4257591ca2582bb5b894ea189f0a351ab6eb8273d0ab80548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c816712f391f578c0d0ef95dc3c7183b

SHA1
da170133eacca9b9bc9d0f945e8fd989be1538b3

SHA256
7d7ff208860f7606a75c5de6337de76e071c1b42e90fb3a4c2230dda6d9dfa79

SHA512
5cdad5e66175de8535865f37458d65596723592adf5cacbf1a8e744529152cab32f668d805863b1a5d0e16782016fe5647a292d621d3c7420b44383e6013b7db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80bd1109113136d60c441ff881bc4d12

SHA1
18cf8224a899d8d8cba9ae8120431ff7d128347e

SHA256
1e3cc23ab223dbf230b207308b5074487def5848e95f21458e0a0d7d73a045b7

SHA512
e12df011b4f5861770fd6dc11c95489c47cba074128c165ce1791e6b169bea62ab374063dfca1752845ab31af84a3795d9663104c61561ff25cc21d54a92f6eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a6e0341d3f0a28c2cab7a9f951ac5ea

SHA1
d53b8530c7a56c3a589fd3047cc35456a0544694

SHA256
c3c025eeb8ab542aa6dccbcf64b36f5dde7e6219b6a43d21c0011ba080c6f2d9

SHA512
0a39a1a271fc7cd6b046e68d6a3d1c889f41986de987f48383870edd21b0ea5438191ba5feb0308e937d85e1c5e7ca01ccb11eefc01749d926db853b25ce7af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dee21ba80d64d5026521536b1bdcd323

SHA1
3ee8596bbf4cf4e062a1af3ebc49a1fbd7fa4c25

SHA256
a9f4e56b23b893a01c16abff8a2bf05583f882ac3ee35273dfa2b43dc043c1e6

SHA512
a6c55674423ce3301afaa806a56ad3363a1ec85f5815b9ad926b51cdf77176c79a44a07c725ddacd86cad48d2f269411f5ba8ab6583dff753841dc455a9107c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d053620e2f0bdfbead80625817b84b93

SHA1
84e7b6357b0137f0c2a6894fae7d51e212aaf75e

SHA256
ce2bed632d3b08a778be270c3f0ee19694f8d3b20e8ad7b3d9c374d47d1dfacd

SHA512
1df386c36cb9f0c67cea253333891d2120e80970aba146afd2d002f10728596ae022fc0c22c84e9ecbee39ec473b898532567743ca661c5fdebb977d7f95c2e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81bf98b653160b0aaeed512eb9ad2815

SHA1
a8e6ec3d6447f10c45af2c1d88fce89a24fa4a4e

SHA256
3a0ef7726e90dc958e79bd718f609ddb69c794da6afd4557b8d8ea76afc3b8c7

SHA512
2bdd2d2dda65ff9cf5ea01bb17877dc6ecdc1ed9b40dcea73a97bf18d8f668df7463db70e3b1b1a1d5e5e1e3b6de89a63272fe5bb38b7d9ca8c378c89322a795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e7caecdb4b1bd23ed1ff6b25131eed7e

SHA1
2219a3c63120915b6a80ada7290691fab8bafa39

SHA256
9c9ca29f3e73b0a87046a3d76ba91e726503bdfd2da147b7ad1626c67ed6d14a

SHA512
2371edae77e6fd3e18665bfbebe2c05f8cc9c5252c7c23ad3d96485110713a1e2163ea12bd2b303caee5106f09adeacb1ba52c1e179b68d8032138d2dfe4d832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9fd7629a4c03e3baf11c77512a1400f7

SHA1
0012ca708060685808b4c4266dcf67095cefffe7

SHA256
5c963915acd7aa7221c3f3be42e9534ddf717ef8f7b12f1f5026f4d809057083

SHA512
8f25aa717874a7910c74461e1a68594a1e2832869499b4356ac16d0953e9d059dcf09e6b7c14a58d8cdc937e3360d4136cf8b6234510c49dfb22c2db5a77a8dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a2d2552a3ed0f1b7816ef23eb3275d8

SHA1
958435b89a4b5022554f122a5a5f335c9c7e17b9

SHA256
ba744228e7f900001164eb28e9d69fe6913041bfa2da52052709238ee8fdb51e

SHA512
3bf05838c071c9193783fc01ae7993dfc5b8b5f85988138ba0ee8cca6fda4867e8d705ec4db65f04a8234d3649581a2d05f6f8114c3ebb8153496db4270da6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe47324d406cf08808515737328412b9

SHA1
9a6dd563468d6d2bc68deb83b193a268c9122ba9

SHA256
bc52809c2675e9bded1e17474e7040990145a3c1a0bf548fda7a189638746cf9

SHA512
6ebc7a8320f5b1fbab5346698ade64e438feed646068fd7a41f7a39c07124dddfbdca1a46adafcc068b9ae7d8cfd2a936ccf3e572558656b09433eed4d5ef4e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7252578a526839ba3df898bce9eed2bf

SHA1
97ddd62a311170a91916d4e66d89463164b7a084

SHA256
2d10e6942611fdea55231f17a8ac0fb5f90bcc0364633a7cc80478ac4eed1b7d

SHA512
500de2de8082d175a5f5f059be554b2a18d6799bddd67a0894f5894b08711fc39fac57e1cf339c4410d74982fc2bbd9dd37fdc8d7c2cd19cb4ce933f7748d550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f4b38688b58f1bca7e1372dd1c2f1e55

SHA1
31f7c9926f85cff746d06fe08b1575dc9f7639b7

SHA256
302e8f21cdf6eec9a4dcc72b4637a6eac5a71fa1babcb2ffc65ebcc66a00b78e

SHA512
e0ed7dd9c61f5cad03457b82398b9bbfb23a0b77654b97820d7160f716ff46bf06ced9f27fa2feab336152ca5164e56f62ed09507bafc03123466db78e095dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
209e67b283deb819f0eb68e14aa65420

SHA1
690e6a8b643cbd7c91dab392d7d6a1d9dc8a184f

SHA256
21c210e02af70b3a60ef563f5d6139e53a5f04d83c293969591c4805a38c057a

SHA512
483690e6e767b7ae858a4fd9539ed4352629fd831e22e81d673a74471fb24c7cb17d54e2d81db55cbd6f878ad58cc8190517edea339b502309227ca690867c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
96cc28380753e37145c43f3fb8bf08ac

SHA1
f42b7bde557cdf9eb9026a5bd102c781f7a5acbe

SHA256
3e24a5a6fd753ec0c246367262c37f47cb7ad9960afff2875074317b0985b16e

SHA512
a2291e337ecf856d65912559234ba01ed6f08a43805677c8c88391fe656c0b59849f7051e2b74d57fd7f7f36e255dd4abad45a498e4d24f226c6b283ff086115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
5f7b5d286b8f41d16eace2572d4a0007

SHA1
3a4d9370524fed9d8eb48ee9ed04bd1ae5a82875

SHA256
7335f45832fc443e6f00dd36ed19acecc08cf88e13627fbb3b15c1b28c719fa8

SHA512
9215488768c664f96cf147b44686c63ecae8f26be1b91f24ee9194da31f426ab310e281c728cc60535a25387af5e445bba230c0592342bee295cef6ff928dd4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
656e2a99799152e2ba28285f93227586

SHA1
494fee4b2beb3754769bb53aca5a6882b4e88566

SHA256
09ca23ed7c44690700ff6b305841688565aa5ded800d47c24306586164007cb1

SHA512
8c59825b8083bdae0ec3498a146d401f86707fdfac9c75cdf9f4bc49b552a592daa7265424791526f138bd935f2b0879c6b1cc7cc2d42da65f382ca1207ee20e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
ea3139a14f9803c68c08b6f4a864cb29

SHA1
f7b480c80fa30ec578b75d547addce2cbd67dec3

SHA256
44abd3f548a2cea77d0ab1b9ef58244c18d35704d50fa86e9cd40559a4c294bc

SHA512
547719d1a10bbe86b0f1912fd48814553120ac2308cb8c7c383b71e40318b7505891ea66e41db2a3135bb18535cd3fa18419fb40ede1ec37191e73eb02de4026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
feeefb4a6eeca0e048fa73f7005ec215

SHA1
b6a1b1a0533dacca677baf935b34728d40220bef

SHA256
73949d7bc6b9b786c2a68b1ac205cd2bb26bbe86f621b259f7562c4857e09955

SHA512
b0d841e53f2d9cc3e15b1cf21d652add5726bf1721663181f6adf06e7e0730aba61356d168f61601769ad0fc50fe35d488988d434ebab5ef9ad94125523b0db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
38KB

MD5
53214f37c15ce68a217e2915c835b235

SHA1
912add71f2d55aef34ceed48859cac16207759e3

SHA256
5b50f1bacf12105016c72bb57bdb3a468b274fc21d4485d1922a14e2e127f803

SHA512
7289364baa2d22ebe8754a3b0c0ee75e707d88cb925a7a2e871644899bff3a91afff924eb5f3bb1afac7ec6d5fc571dcefc20c5bbf049a1bdc1e0a8515f6fad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
37KB

MD5
fc8b9283e9c3686899120581f73dbf88

SHA1
5d2c3af2bf4a2054daf15098d95992c9aac1bf17

SHA256
27d6e4815025d7fe830001e206a4dfee19b496f302332f195ece6295f5d1f216

SHA512
9dff216af5570c81213c24076f9afdb150b52df46d0143e199d12cc1d05d7e8b21e096b129d5d722ab0b51996a41cd70f0b2f06a65f9cd127c5700fc6ce49319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
7be57a45cb4cfa25175b9e6683e6ec46

SHA1
da32d0bccb313405a270f64933b18b125455d0ee

SHA256
0920423488d6702e1e9863f78345fda0b9a34e5e26f3442046b35c8c19ae5651

SHA512
d48bea4ccf7e40e30551aa0b3df81a87d64ba44884ec915c13dc23491a27cb6ab15d3c7e5a7c47203ef69d7f6bbaa8ae07c275ffa256b7a3e0aeee2a5950ed7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
18KB

MD5
5874476248aa64a7474180838abbfacb

SHA1
82bce12fcef16b46aa29747f1f4f5b3675ea920a

SHA256
69633ea1317c6e008ec045c365f8ac1bd633db8454c1d90eea7b77368e3462a0

SHA512
7847bc55ebe9dbc4a77f634d4f2f0ad508bf2e81ba175beb071b927d0361efb6cffed65479211c719b9f6bc29b91ed8d98164ed9ac393ac31162227aa50eaf8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
24KB

MD5
4ad64b8276b4c91e8b4a8c29c286b0be

SHA1
1ec3308f54f831c9d77091c7778856376682e3be

SHA256
dd7f2ff3804aa453d5a974f21e8a432903ec9d51443467f53c95e97dbedf0b4a

SHA512
be01b165393d8da062c4a1752711a01edd94b051160a2f7f8e6c4f4bdf6b56d749fc3cefdf5829221527b222a7b31770b544487b2d6f4bce52cf1aac4a51d243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
18KB

MD5
8cf4df82cccabc1c6590ed3d1a871f9a

SHA1
0c6e60df121acf74b5b61eb3eb25233c842ab315

SHA256
17592034935d1a5216d9d24bb190ea8f72473bb4012a8458ab728840a3e60bd2

SHA512
65a60ad5a593eed506d8dabde41ca5c17a920d1b034ea971a70a2f4d614f5b15bbebbee9ec0c7047ef13a3138d4f18ecedb7e9b05cd5a0cc151226bac9ec3997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
58KB

MD5
978ad2854fad775d9934688bcbfb7799

SHA1
c1e648cc4e23065406e0a70c5e5493c570ca5ad2

SHA256
5e92948cd63fedd2a5a7f8c21659290a1d518a20f6e3a34b221efd5f5806ab09

SHA512
370620e6f497acbe5787cc5becf07eadab51e7bc274df47c4cc6df07db3b54c86db9e3bf921dffe56a0a4dd87f2797820253345ee5f13ae8b200dfdc8a0c4865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
39KB

MD5
28a155e2ad0e42f9038b87ea28fd0877

SHA1
68058b0188ef02b85219d32374c4118320df4d6a

SHA256
2b229c4f7e42724238a11079581e56810307fd4d231308eba68757502f6008ed

SHA512
094568637227e8765d68c19be6b80964f0065ec2887c911562f47b3fc0122bf087adbf0fd655486f779b4373827f1c08442b65f23758932fc5bd43cabdb2cc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
105KB

MD5
b8b23ac46d525ba307835e6e99e7db78

SHA1
26935a49afb51e235375deb9b20ce2e23ca2134c

SHA256
6934d9e0917335e04ff86155762c27fa4da8cc1f5262cb5087184827004525b6

SHA512
205fb09096bfb0045483f2cbfe2fc367aa0372f9a99c36a7d120676820f9f7a98851ee2d1e50919a042d50982c24b459a9c1b411933bf750a14a480e063cc7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
b64471154ff618b63c14c46598fd8a34

SHA1
0a235de5caf2fd124202e1142c90c7ad0ebb4daa

SHA256
bca188e18b2b82cf10e445212fbcacddcfd3acb9217123a5e7a1592553bcf426

SHA512
ced21476354e73e74e65f2f972dde7a28d0d7a60163d802a629436d7a7acc7756d3a4da9574d42101297de4342745ba97c39ec8f643e1c90a504d6155572ed07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
16KB

MD5
6bd297ca3e7194e80a3b03d545a2033d

SHA1
6720368ae50640eedbdb4b4d3e1311a3d696bfaa

SHA256
e59224be8c0105da450467d1986adc9c315ffe34282c4b6def19ad9cf413db8c

SHA512
885a70a2634d882188241c5c725255bd2611973c3a6999220d1215ed90452bd418250e9f18e81722277777c66ebc2f693c37a988b6a2f7623295b34356b3cdce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
16KB

MD5
144fc04495ecb8dc94d13a866ab0f3d3

SHA1
c4e4e25b100b08c5777263a99709ec4b74652ed3

SHA256
9ec1bb323a1726e8c749002492e873a76c31ffdb7be05a3043d9a978a2ec8503

SHA512
add788c2c78d5ab09bfe897a52ce20345d72b5def5881f63af77933858da3ac1b21b673b957b657ed4441450e9f710a0dc5a90f2d5438ed668e8cfbfce83bd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
17KB

MD5
663d0d0966d3e0fe61cb9cd631c35c4c

SHA1
d371a2344f891ad2dc585f66eee08f4330634184

SHA256
97577b7db223876f9a048ad8833c7b55726ed464d8e9d34c303c171a6f32d7e2

SHA512
75be36c722dca266a10e3d8003d7b68906e25f369d9009c6778ecf2f3a4074b6c6307e37eafbd5e9cd755c2a850579df765a1d1d7be1caabd17bf0b426a65d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
19KB

MD5
ab7532c8d5e38228215da168e80637af

SHA1
00d5eda03bb3dfe84356d39e2d445d54896c3797

SHA256
20ac4ead3e1e487b273d9a733b36efad29462dbe10644f65ee5a69d8aa971240

SHA512
38d0eb27d49db442b3acc674853becc280979a9d2d34a972cebd61b803e5b8455b4f949ab904079d640911db81706ed23b75f3f36cd3ea5aeb98fd243aecd6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
32KB

MD5
2bfe8798e328f961328f6cf8fc346cd4

SHA1
5a020ebcf39acdea90500f806838f4b4726e4ed4

SHA256
f6b4343069cc192398399361ed629355210dc648145cbf623ad758b1925b80da

SHA512
b8c7e04210378d6da51e0f12e409752a77a5aa9f749d69c12d19f488f6de67abd94b9dc6e8ec41d2a1838b56d60ca697fc19448464141ecb090da30d1b881709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
142KB

MD5
c2111f6e2b067cdb45dba6810730b956

SHA1
01a708bea9f70932f415be04358286bbb9a9d870

SHA256
356c4f3d3832939f5894162f598139f046f5910131be631da114d65132cb1c85

SHA512
71ae7638447b710a6fd4f0d5878adbfe6b0156a826911a5e65a5b9e2b4ab2cfacde8220978535b9ad59160a46266b3683e4cb9515c0f89bebc8d10d37aa5e308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
95KB

MD5
2f1a220edd5e3847b0a803653a4dddac

SHA1
bfc0279eabd64db5d291f00c9498b80bf93cdb80

SHA256
6e7bd22d86164b3d1fa0993da09797fdc62ab290d2765625bd58e4f047497bb2

SHA512
c388a2f03acc2a03fa2822616dab5cf1a31883fe4e69f648e2d56a9a299a822878dc910cc493c7e462767305ec046389572ffdfdaabb16764311b48e128ee8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
20KB

MD5
323c0dbc3678046d7cc37c8060083f9c

SHA1
a4cbb87d0a0cf4c07fd995c221e88a3a47cea38d

SHA256
e8d36c70489e878b82bc6f790d114d1a32c7b187b1043212a76f8146d9fcb005

SHA512
caa84ca897a4ec335cfaa2107dcbeb56956584a11ba4f4a4b05cb942f95c9676fa7b921f1f01a7ce1de912441216a55247d7926b35480e9ebe0e9ee173b54d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
27KB

MD5
bc7321f62fec1792b4b4b06eb70b55ed

SHA1
1ec07a8dea6ba3e7cfbcfa03fd41e4fbcab88d80

SHA256
4568f3217ad7eca8b87555678b82e4fe003aa5df2c4dd7cd27f469961b3bf303

SHA512
6fb01025e6d815f26047d4f2c0eee18a992ed550b73b4d23733b2d00c70827e1407828986c2fe13f2f08a991dc45e555177199c7f226ac5aed5323bf5436fdd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
89KB

MD5
246acaf3c03501d58dff32d6b65a4414

SHA1
170bc4f1d40082bc75648152c41c526f69f66d81

SHA256
53ebfd7aa8a75c254a2c162658c4f5bccf311fabf175fa99205312919dcb6fe0

SHA512
5aa9fbc6c1d971911fe38761671caf41d2ba897d4028a77128adedcc7d73f9283b6d2d52e804fe809ce52ac9c525e68d88eac6f65a881075881d253ed90631a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
20KB

MD5
be42578da113be82ef161157874207cb

SHA1
9dbb8f4bf675ed14844ec80f509572b489ceddf1

SHA256
b1356e6883c723ee65a82b2e0d29e2f5a067846a33ac984d8bc7cb063915e868

SHA512
0542a3cf9cf3cb3341743dce4ad96def53ad7a8a455f4a3d582bc96df05d7077efdea8af4b67c94f6169b60c60bb513431acf21961cc43adeceddfd182d7b73e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
84KB

MD5
59adeda42ab6010f53147910ca1adb71

SHA1
d3cd01fae74a84b2079a171fa3c14ea7bec4ac25

SHA256
f385a909760dd6e799d4f857842b974204c68c335ce5a5d4e9876fc364848306

SHA512
7ab065f368850cdbc4d7f50262c66f7a4477ad7f71227996fd48c7f61b834c52503000f04ae9b0554cd9900f7cbd5280f9564a943f9ab109f91322d7e2f42a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
138KB

MD5
36d9c196b33dc05d8ef7cbe7132c8f1c

SHA1
dbd00f0df91148c3e09885ed8b0dc5a3ce55b6bf

SHA256
51c5b448b6cddcd33989cb78b17f618ca0313e45afcae462baa9fe23900394d3

SHA512
9a7f37de1092cad6d2fbae23a56787d1fdcf96318854ac6afca9f137fa868409a3c34cb84c8cc0ae4cfdaa993d7654c3ceee23a3b6da5496f9be3a6aafe3804d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
43KB

MD5
5337681d1dff81a4f4f5dca65cbce5ae

SHA1
a271a1ce63cf89555fbee60a4eb8f84b8f12e4f1

SHA256
dc42a734c12a6629ee9e9dad0e12bdbd5c8d2183a9c92d173ea7bc44a5f28b44

SHA512
7bf3b1d76c96434357a94979b470bf5909e70112f119211ee94d2adb8ae27a9f2e0d1d1cfec48d4c985405b9650b05b95971fb4d9e406bca8a3a8ccecd988df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
28KB

MD5
82f5ecea0d36555b3e99f6267a1d71f2

SHA1
0207d91f8383a722b487b97b7481ee92ea9662fe

SHA256
e4fc89a3b03ff4ba4f294e17b55448fe917da61326c3d76e945d7ad0db04f155

SHA512
70d973fcc4b2ac5258f259a26fa7deaa4ff3ab8bd82b4dbaabf50c9ee680bdf25c2454ea7addce081aa6a458915b1c7d861b317ba7b45b361a086a9c1d691d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
89KB

MD5
3232eb823d253b5a807e128fa4346424

SHA1
44995c351660f42144f99582f3207d92bee99940

SHA256
705e0651cc764fde5d9df98e466b838a7b9892c6db92e0fcf73a9a04c0787741

SHA512
8b64ab3e46bb8dd34ff9e362ef5a137d13eada07d5d483b7ca47d21aa9f0b65a300e35fb48c5eab72d03cb803d5df46d7439d5c675dba5b6cd870719ccfe38bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
92KB

MD5
7cedd5101fcf02952fbce29ecd5c1395

SHA1
239b80596aaaf4fcb9863db8872d889da19649fc

SHA256
26198d05ae192632b6e86d4cc206f510e5072b68dae6dd8a2044fe47930e8e47

SHA512
f6e94cc202bf587b8222450d29060637adc8b2732651531af79a338d2670cfaa191eafdbb51d3982b78a637ffcb60a540842e7fda508ca705d630fe051ee065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
124KB

MD5
b61a1b2dc5058c3700069404f78dcec8

SHA1
a37e20ef0bba0055f2ead0f31e6304dac2d87235

SHA256
6c0a0f916a25065ea81742e1546aaea167edd9f561b9becadb4dabd8f5d83ff9

SHA512
7fa6658dbb932020f14bf0d6835f1a2ffff58596f6758838680870a310833f12a8613240bf6bac389be1f46ab3567956139d786680d143fd4694dbc273f12b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
20KB

MD5
60dc4c8d075c2f821712c1d627bed9f8

SHA1
e9a5b07e40ff832ca6ea5647f2ce0c673216b5ed

SHA256
ccac68fb2041f85eed7ed7c6bbcd88de575a5fff4d9e1951c85224582f857fd3

SHA512
5f8f1cabdd1c2c42d868bd4e7c8e762c5c8a86034716926f21ecbec0b4a0aa4e6c87eac90febf256eeeb6009a699caa2e252c64ed8c385ef212fc29b28ce9b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\213e86c1da315ddc_0

Filesize
31KB

MD5
441651a657fecfa8c4d2c4376f65440e

SHA1
e3aca54c8fe3ac26931da18a979f0d3c288f63c4

SHA256
149ff35513a60c4833b419c72a585bcce0048df8a50705ba542490d92dcb0834

SHA512
1bbc8b6b4f71a6612648778edf242ac9399699ab50da7f6db6c2ec014a788d11d86734c4b5a818541b81696fee6809029b8acb10b0bbf70b27a0c15de01aa259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
f93def5c28b8e276613a80781ded620b

SHA1
b385ebea6b491a41bfd002a44eba815fbcf71666

SHA256
7e581e6e8af14d199d348185f5fa02add5fff821c78ebed3b4fb32c019c73167

SHA512
d7d13b05da52363770924b936f304ccbe1ba72e7ebc2d038bbdd05cdf3a49d5e1c092f6905cd502a3fcc4ff6cf217d0480c44fd613dea3b27c443efe1a937978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\485a1a5d8c7462fb_0

Filesize
3KB

MD5
c72284578502c9f762cddbbab70621aa

SHA1
4e7da5e80fcc2d396392c838a6518422d349218c

SHA256
a733c0f9f0034f5de746b0ac8afab26a8957a3286ca26a85e84dc11ab4d64138

SHA512
cff899d91cd09a0ca46aa242c0420980c687b9ed64d1a028eaf3ee563a77854799856bc36229b9146072d12c3aa2908fb6afd155503e230f2614a76fa0113a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\496896a412f061b5_0

Filesize
366KB

MD5
d3b1cffb145f4cd14283c1cdb9912fbd

SHA1
d72d2719b40a5fdc7ab5fbddffafc01eaf5162db

SHA256
c5408db94e8e61ab3769759358738d4878930692df84dc991c692a32b9c82e97

SHA512
35522c5ba9c416e1cef5a84d0bcbe3562c8f7f1bc824749e85e7d0ef0a608a2262d0f338ccf9fa5436ad1bd38ca73693204347a4d438f0b04b688b26eefe5de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
23KB

MD5
40316d7a3de7d16dbb229ca28a39304d

SHA1
974c6eaf36472ca9cf69a7eb09fe7a93c0e44e86

SHA256
70f1a2cd3570163b1e7537320ddce06e3808c7a64babb5be94574f9b363005e5

SHA512
3561c8f1f4c22f8dd0bae3990dc6b37e9fc2cd3747b89b16097bfe5d4fe8679ad8649f12052aee0449c7ac2ca069b26493d36d5f2bde2473aec554e46cc40bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\906f4fdd06cda010_0

Filesize
399KB

MD5
866d87e578f01f47255f045d3b951481

SHA1
e103dfa0d5fc820c561bf1d518e231c5448226e3

SHA256
dd5c4143d847cb690789786e8a63e0f6ef3ab3216806f5a74881db9e3ddb13fb

SHA512
6523fb2afb35c0d93b8b7b33de120271890baa172e5af5d32ebbf9b85f84c64dffd3534cc0ef8e3ee577bbd64ea480fb307fec82fe2960d6ecaf08dcca19ac48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aec8a6c419c34911_0

Filesize
32KB

MD5
07a37f3b070fcf7e03cc27d401685ca6

SHA1
7bbd9385b33886333198fb4e55f22b28fac6c213

SHA256
5f1b3621ebc4d7233559126a1f27a10b968d9ccc10383a0ba48941103701fcbf

SHA512
b187bc0b03512933c444acb7ff0c79198464820f8459f85c4f4d3daeaf74e7b186efa6cbcdc9a78c682c00919a7281a3e2650cff5bb517e4ebce4f6f5a34273d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

Filesize
300B

MD5
dc3d690385e39cf1e678202c1dd7bd6e

SHA1
8da06373285cd2cfe27b7c1f2db86ea465fedb36

SHA256
0dceb8c25e7b3431910f9c970cd430d507cdd77bdc3edc31e27c04fd92b3c3e4

SHA512
6043ab8b453914c5445e7e36d2a61a268ffd523e754b59fbbd564fc9106111c37c8a3fb08409cfe988c43f2ddd6bf5ebe1ed203dd0be8c6286641c8261512c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
9e78cae55e4c8218bb91649d86513ed2

SHA1
354394a1996b03add770b53d684910ee62c5408c

SHA256
92027116ed5068451c9787b2aefa7aa16bdcab06bcbb2be8b3fd24e3b5c6893f

SHA512
6dfe7c2dcd08b6c4bffbb7a234853c255d74cb7c34f85153c20542d3e6912026ac224e490f2991dee943e9a3bb1da291baea7f3ee34ef580c33ecc2ffb254b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c75532969643beaf2896a305d66365d9

SHA1
b54e4b622e0af48f66c984407172190f6a7f4f5f

SHA256
dacb15004e036f685d0f59ade20f16f6b5abe1bcd6dfc04260d47369d3adf4cc

SHA512
8845ce3e6bd952731b4f4c73c164263079c5d9e83083c2c1ff96a0c7fa2da12e0a433cc3985a54cb77c1d0c571669ad3b68161af8e7b22140fd8d945848ccb57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7887ef1fdb857bb255d3d8e9312bdf5e

SHA1
f54466a376fb5ab9f1fc72028639a39c66db8dc5

SHA256
ce8e2066b04f14820417f44d61b1564c227dfa2b01806ae25c7b04067aaf0408

SHA512
531e6b1cf47f7a768bfc3d046bed05373c139f15e35f66aec81c49966576e4afd25ad9b19d94c1c475f3ae8b882e5e01f37c118b18643c0a22deea6a3e038fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
94e7e4d1808137b61cd0d53555973139

SHA1
cc0e739b65b53acf74ed62e2d133cc5acd63ad46

SHA256
973512ed89854d87e3d6dece2a95ad6e92ba8797fc824ec78f2c9804fca0b5a8

SHA512
5ca9fb76520c1259a44717e669496dc7dcb8ef0396d053b5086f90e98dfe1536cc52656024481e736464c44e370948bf527759442bce64f54e94a1d3b1224feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
01deeec97e79073be9f612e8fb54e13b

SHA1
5e7dfd7a23182bd3d45fb5322c087c67e24addf5

SHA256
a7b50c3c5612c53093487240addbd9e3d24f462b8058622f09144cb6c57b48d4

SHA512
f939e652b9d112b8350d7de9e5fa0ec8874b82b4b8edc6c4e96c57e1f17826c3d4094ce4e89ebfda8a316ed8e5dff7370fdd4bcdec864bc5d3f2fe51d2f56989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
1c7f6773f4713205e83ec093ec2c3fe0

SHA1
3c2ce4a14290b574222affdb90d5ed251be7418f

SHA256
21e435ff788afd56dd273c4fdf990732ac3872dce90becbb981cd45b78c397b7

SHA512
1d2d9f7e6d5b0312c6fd53b2bcc3fadc8970721eb0da3fc103d7de74dac3032c5dec3dccd90d5bd7837d84b011a5a22931320e5681891b2284365a5ec42c0bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f290d98b6ae6ddfde57423c334de31ed

SHA1
d2a15d285ede2f1cb06c8fda90cd65fe3553e932

SHA256
4f0a98b7341431a7eb256445b2b5dd582ea419dc8503552ce9b37496984d621d

SHA512
99f2fa6f28c405dd2ffabfd75d01261302cf84588d85b7a34912f38da2e08f895e7c788b6dce760d886c54b7b4bb69a9e17b2edf4ca1849471b8e941aff4d166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
788B

MD5
f45c614eced8196725d2b636ae3074b2

SHA1
0c09d197b5d088b935ab9285942f6812be7f07ba

SHA256
9b21555ef9374ad46031fd0b5dd7b2d8e10328ce6d080cfcd38ece31f08d9dc7

SHA512
d33282109da7c8531a4a88b420b4af597f25373475f0b07e0b2c4046331e4d3de8d61f7b75a24e457a55080a4eb9a8b5a327196d22bb22e249fd72d978252d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
f9823857fa38b4d327ca47290b983e2f

SHA1
b680a7a5f8c23efc59d8ce782b6916afaa85f3ce

SHA256
3b06eaf606baff1662ddf4e46de90091398ad0fdb38be9a8b9575808711b639a

SHA512
e8881b4ac7f71589147c180311ddd636bf24fce080f078ad8b6e0cac7b12b8f754b25c20d09dca6b052de53616e4b2fb0856234c598d2cd73a779f990975d347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
6a4decaf0fec91578d33914c7c8ddafb

SHA1
0adbd714734033e813e4849679cd81df06c0cd79

SHA256
647aded8ff64033f90cc03902309470b2b11d28625ff8fdb77af36865a06b5fe

SHA512
8ecabfaa51071ace2865e4b3c768f11f0bc1bdf383e607496fa1f6a05ed1caf5e11fd8712a8f6153ca7693abb8c264de319d1fa3a0b59ca0e4967b4c2976cb31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
51a7dcaa6a7a6f5fce44a3183db9c8f0

SHA1
459cd2e62dca70b379349dc76f1198e143a0447d

SHA256
6570db09e63c962eb405f89d6e8d41343400eea777387ed09dec2573c1948d0a

SHA512
beec89f85b43947dd7ed7fce6d7799e6b585796c44f465e8512e16e0fec5118d8e82df2e849600dc9895a81f5bdddf52f41695b6f58261da43b2ca4dd97ef84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
96bd8a58a1c8d9dac48b544b693bedfb

SHA1
6cf038ba961eb8e7a62f8196da5d705a6d8f3850

SHA256
61fcfb9d1c69ee75fa7759fd7b2ca6fdb02dd2e107d86885d9f4c56190bd4f39

SHA512
bd6f111a288bca1d301731fdb31cf6c909a9d7355fc2427ebd807e3f6808a1faade7937a9ebc736da542e1f914d3b29856535bc5fdf6f5376276726bdd6e8dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9bb6d49e5a7cdef13e574af2896345c9

SHA1
ecb53dcf77c74f7f4719540aeeaccab3a19fad27

SHA256
e00b5f7ce2b7fb53ba7dcdb946254284d2991d82da8c390f90c730a9e2fed9e4

SHA512
3d40507f234733e844ea54b55001df8c30a30b09943c210904fc55ef213d55c9fc42008ccab690c222c5b27572a606aa695bbf5efaaf424c1c942ebdb9cbc092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
303f7dd57ae6dde83b462b4a002fe9ea

SHA1
faa66720b948777415ef885cb60f399e0e12f3ae

SHA256
755769f783cffe9a1659612b506938b358fbbc1363e6d3cc4fb17538345f8448

SHA512
304280f06b13eb008d3056ff3f394194930116c7498c8d5b1ebfa49fbebf847456a1486b08af513e862b7c9f9ef800005ffbc87fd1e80b40e9b4453976794df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3528b2354b0ed4c44148410dcd3c255f

SHA1
c3c2bcb508ae20c1af15831eb02474a0d677be29

SHA256
1d9d1649b13e14d7fd607943a838c2f7a7024d1bb40bc55d05c5b0223ba02e02

SHA512
488e5792408ed313cf787649691947be6a180ccd827d4001ab6c21acbadf06ab33aab82fc2407aebc48e61f45b5d76c26432eecfa5d2cc1838ea36e0a407a226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
430d957ccfe2f270f03d7253a3272f73

SHA1
2520bf9cfbc482cd3762ac119a55e95470b07520

SHA256
3b1cf80eb6ee7b4f8169aa2b2d3c1253e8436e5621087ab96b594c1b08bf7f1d

SHA512
93f00e41904526e030ccdc96847109f18a5ef93f4558bd0cb08a0ac2204204271415b3892e60fe54220d9309c67664bab2343ae558748f3e2948c61f3b0cdf34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6614a0981b739cd7938a744a0c478560

SHA1
ebb6e5f838491357261cf027a7aaf91d70f7948b

SHA256
de285fa2482323391f0fcbe5bcf1879a17d0c59d1e2bf655ec7343a87824cbb4

SHA512
63c639e6aa6238b3e0e1c1cf73a5f8c3e474834e730c340c22d03f4f6041df53804939285f04315dfc340eed4ca814b0a50eca881112944aba3c8f0e01ca8147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8f3f72cc832bd1a8004c7621ffc8ec3

SHA1
c59e3cb81bbbf87f2c3ac048889bc6e24af7642b

SHA256
b67361d80dced54983c1d63712fa358204f51aa68454b3319cfe2a31c2285bb4

SHA512
b79993cb27f43ceaaad91c7b552f33d39aeeb906158f8a9a63d1231d3bd58f78539bd2a29ec8f33db526fd25cabd411b9a9a1533d9f35b8a99f28a0e6187d978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
de3d5d3ac497da3381f9ec9d6807ccff

SHA1
3d5ad153b2c52c9bbaeaf55624899eac6e44a07c

SHA256
0f24e36b0c0bbd5853f94081163c8eceff83ca51f7c6230920cc3765db0a0c3b

SHA512
7ff0edf71e93bd0a8bfca966cf30e2f88e25e0377ce99db94d1b711fb7c5423b97f5c05c0eeb9e1f760dc7c5e53c958ea4b3ed855d64e6d206d8fc5b209b7be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53045e12c273eddface7079ac5f5882f

SHA1
3195b4f5789af112a9c1deb6ce356c7557ddb154

SHA256
3bfd310b95bf0215babbc983a2678768b5fc74ebfb55212254d40471750b8af4

SHA512
1dbaf6036dc849215ca19283205ec5101878d51a0af836ee00f4c7873e58ecee8c88e243c3267cb7fde59337d8dce3ff14d731f67f126b696dd6721af3d01155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b6f8c788ce94cea0f625f6adfa51fa2d

SHA1
4fd0b39b3d1b0861e1291e06ac90b30bc0e2322a

SHA256
7a2d223996550b1641111ad77de5110289b132a4ef5dae53afbbe5210b67ab2f

SHA512
9f5140d34ac4a02592a3eced245c8bb8a18214268f482951e5f0ac6f03c80f724c658b805147cb95a1c30a385bc3319caba7271f24f268b50abd48e9bd7e6aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
35451e3dd336bf4374aa6d643b5c7df7

SHA1
52fcb73e9044ee51ac99b146c88085066be4eea7

SHA256
67dac16a4386cb06e774f3542e4d696ab2db412b1ca81f87ab2c6c1bc51dad40

SHA512
550339976697aa78b0d756df101c5358cc34d2db22f38d9c6d3f98a4fd9b7eea87546cb4fd7272b88e34d60ea39eb431779c28af7ee55b89c348f079d700582f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
748285f167087c2c40a9ec0689cebaef

SHA1
745ab28e5a756cd3fb16cdb97c76b75ee5fc1ee8

SHA256
e30b17e0ac5a448c29ea6438c92e8b47ee9de6c107512bfc1d95458a535760f1

SHA512
4e721648d595c7b7388231ef24b39e88144a1a0a86f466467958b46d49e5ff8a087691a5c5811de401b001c96e338efbb21a167b485814daaa821489f9d61d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
12867d50810631dcc298b0ab44ad22d0

SHA1
12da02da633a82cc14b9e48a9e3f53bdfaf5c70a

SHA256
f83d71530483978fa7fca9da7bf56a47835bfb29e78dcf8dc6b7cd78a40c9b42

SHA512
5f9984a4d05d4d32354619caa1a222e47d2bcbe816bd2e34c74646d7eb8ac47881f601cdcbc801cbe1cb95808a7794f5c1dbe1cb0a4bba2bb87d9fc2fbc061c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
28e4a614c542bca5a4eb26792d822953

SHA1
c1c245665fa3cb77db36e4624cdc68095e1a5edf

SHA256
6fb9617e028b3678ffa5d74b99555a997b6a34ea0dd7a2c9d8166200806db79d

SHA512
2630fbdc9aa59c6a6f1f4ed019c65800f754fcb8c76394f162a4f02ee79a7e37d2d72bb278b4676e32ecc2de0326d78848b4e3bcf72fe2ba2bf3447868b9aeaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
69ad9877c3af24e0e2e0391bb8c7935f

SHA1
1ad68d4545217de1be582c110520bdaeee3c6df9

SHA256
5906a7ee24c33d78e016fee31d7e4c7c2984b6f9e1af71348819fc5bb8527cb3

SHA512
4ac3f94df9077132bf2dbfb7a673d46f0fc86de6748eb37f3371a165a00e1233705cea89375959adc893097d2392005ff86ceb045c59a8188c7f7c25cead1c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
f08d77223057419173e6d43e34946c7b

SHA1
d6a927558fcb318112a6f179d2e29e64f90b9812

SHA256
74171bcd632cbf82ac4887b4f42ff68ca3accaf53c80ac3aaaa2292ff1ca7743

SHA512
a9a7e594204af4effc19f392053140cb8d69b9c28f4e5b66126b844b3773efb7ab9a30a94bd12e5f07865ca15c96d1fe9702bc8d25c0c550603261d1c94af865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fde4f25a805d8eaf11bb715579bdd7e6

SHA1
d1a26a32e5ad8b485870f87cc7f1b17bef29bfb1

SHA256
2b1b93bf4a843945cf7235c217006ebbd407db96936143fce5511b9b8f7fddc7

SHA512
a545cdd3f5651d7cef512d3d4f259c95e72d9a5190d012b3737e86cf544a575e29888f8fae6518c376b6576df697b4fae3c16f60edb899cda2cc52b6f078a0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9a02dcb6ef78773b48aa73d7955a512c

SHA1
efe29baab46b8156cbe2a3a0490086b2645a1a0d

SHA256
5520688de06bb4833db49202394829ecc2769e0a15bc7d3f69cb8e131313884d

SHA512
fedc83c41ed5f323f680e4a8883dd4f5b04393acc9d9b2c610c3d3f66eb76ba45a9fbb093863edd097fcdac03ffa1d7b6ea636cb351efb625a44d385945bf6ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe605b05.TMP

Filesize
48B

MD5
a62ec7398b229bc278ba1651839d4992

SHA1
d1414e828bd7a36acabf19dd2f26afa78c42c40a

SHA256
53798ee379588b647b38af2a2b218e5593e09d6a3138d7bbbd10c4a3f2a9ccf7

SHA512
1c0b5ab8c675bc591ca78497bda9f54dd867c674573ebcb998efa7dec99d3ddd0ed5b8d8e2164d99dabb2b5998e62f5e087c280c82880187b892a0284d6adbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9728100f220568092de67ca49df9d30

SHA1
1367d864487af428496433b82df2f08e51259645

SHA256
7d38d262fb392ee2bf23ea1b5dcd2db79812c33ea4feb5f52d1d2d00b89cc275

SHA512
588a5bab5e310f78f0e14c00d02c17c4c1e01cb8c80c4978f22e4513663460b42a0a339ed7d61cab979699baee2f73257ad155a6bc88299a55b1906f751b0d49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8207cc1345ba26138e0fdc9abd8f41de

SHA1
c44b9ce00e6296530df0fe2db924bccbfd45f8d8

SHA256
dbe491c6f0d781ee1f7e09c49042cd74bc8df630c4b0fc6f4314dbb6790c474f

SHA512
804b0b562bbb13b780b62315f66ec2b035d17168152d6073fff875570bf8b862f0bd4a0158e012087fa6e0fed6d9853193bca5809d097e183ce9076f16dba66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a9fbdc568ab2bdfab4634ec7c191de9d

SHA1
38933b1caf6d46296df731f0ad69ff5be29970b9

SHA256
b5c58f00b06781a59c4d7da4d15ca38a8135cba04b7d19fc6baa86b186b99c23

SHA512
591cee3653fdea6ff7779309bc50b9fa9b14ac251ba07aea12d9c3426ba629bb27c87bad2b4e910de9cd68d554e590cb05a96412aaabefbfa699d5218144118e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a567ab1e65d09364c8637f1398137764

SHA1
b100bd25018e2f9cf4b2219ceb6860650d4c393a

SHA256
1ae751312899d3ac0d60ec0dd91d649e525f79a24a9f047a1446cd828ad428ee

SHA512
d5810538fc9da75fe8ddc4a3d8579a9767e4b9374b466bfa17df9999325fd9317d0d73bc8abf39543c90ced93f403a24e8dd783b84110a47bc4050ed57b17e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d86bd2083f9e2c5db6d695087933524

SHA1
0b7db49ad91919937ee2363694a0806e944468c0

SHA256
8a3733dcba30ac100a46038e72851360e5af66e364b4db8809c80a64c748eecf

SHA512
e6a9bf1c1c4c90286d174da8b0291b2ada2bae205e64c686b63b5e8ec4c225857881b1ff3a334d6f8773ee5f9f2e3e9a396498f048752100a3d02c8d9e350eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fcebbbed92e008e876901bc49dfdcfa

SHA1
4bf69104b5301bcb0e01a7d0c26506b2968f9aa0

SHA256
c28ef97316486fa0f5bb6a6ea91728187a902398c578244a836d2ae0c0ab5ac5

SHA512
a7a8ba8feebcbe147933bc47520eff773217af012aa919e08d68f392bbf4d55ae156050092307c6f882fa138141bd8f72055ac53bad794922e541b3c6c35fc67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe63ce6f5606c1be1bc1d59e2905cdec

SHA1
5cf83aaf78b99409f3b732221a3538c5b42d5a6c

SHA256
f36eb1fc43e4cda6ec793aa67c934a78d9f27b14cc9dfc91282497056cffef6b

SHA512
a34070e13bbe7f44bd7af2168258e7c21fa3042ff4a529e954140957cb6d0fe82a35506faec365d70902f6cf096336adae30ca7aba477813f66fbe2e8d1b1fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
89578ecf62a1f439b2307d5d27bfea56

SHA1
b471062d1123fd012993c98139685ad740c91506

SHA256
4f0efcb807bc1e6ae8637285879fb601ea55c51ef6687e6bf5a42774eebea1fd

SHA512
10c7f4ae47126c1a0755e83af1898483cd34650a0417b45ecc543949d73ea12b1171c1acd80da8d2031928f630be452d302732f101baab92bf651fa43ab0d680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
95fd55d5e5a64423b6cc7660ec720ff3

SHA1
45511b6577d17ac52e2fc6e57e63f491cbae587d

SHA256
f1cefda664a2fe90675448018a462672e6532880a2ba64440a0b2374fad52156

SHA512
7f6e1f148d17db1280d9d0e700811cbba38962fe5bab35bed1be7939e97d67374795bac74075aad6dbab4865568d411564dd6c34da97b4463d81bfd6c7e231f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c135ff4933a503e53c5cb287a0f304f

SHA1
3fb428e54ec05dcf93a87da8dfadfe009ffb8555

SHA256
286651bffc8ba5ecbc7aa6ec373613e3f9391f3d25c4b53a05148db8123d8b34

SHA512
8dea922782c4aef2789b654eceb97079fdbe705da0216034fa12b6bd9ef36ff8c28d96ffe82a10e4de2e8a2fe49d65d48d73594194401358cc3e3f2b446298ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7f0e762ae17dcb836a1e788c380a6fa6

SHA1
6709ad53efcb5b1cb21eceb3c7f22a5dd445e87e

SHA256
cee5c5881899a3ae38f424558d8d629cae3c6fa6f81b7e756482b35fdd588b6c

SHA512
6732f3a3a8a008b204345c1f03212516c7cd236daf5bf68585548a2d1adbaec0ef3dca27bbb4db8dbf75efe0de40dc221a22600299a648bf93d21168f73a4641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
75d91dbdffae057e1a84160aa6e7477a

SHA1
2ace7e8443d8d13c3b0fde834039a7a8ef05b965

SHA256
c76ff8d70a9e534aa2d7da3f4dd8629f327b11e286dbc7542ec331b6938c19c8

SHA512
5d89bbef175f4b8c798524f32351f52428897859d7434c508849e63b4a15d70832f601c99b7bb4c49e1c1bcd8c0eb1a13660ff7de38e5ef8f555b3cbb359eaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0cca92e8d6b39c5ebbabbc7f9ef37575

SHA1
c219ea686e46f3c34ee28af176d66b342a51536f

SHA256
65e46f506336a3f89a5e2a93d5b9cf88a20cec27825a7a98eeb6bd0a43c3522a

SHA512
4efc5b949fe46f2b414e27949801fc542ec5800e28ba8999c4abfffabb7721aeeb8ed55b95de7d38fc43e3a089c8d766b90942c3edb70a4d8b4e3d5c3e82f987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
731bdfae8de255f7ac3e444e8ce83cf2

SHA1
4a9584de80f582972eef76394a0655c91c788d35

SHA256
e5dea04ee91eca581650030fd4f98ea16f9cfd06655c48bf8095f2bc9c6ca78d

SHA512
170bd17ed8418d0fc4f9e067c86350d6d503b370f33746fa10ac0da886d9cd33dd90979c85a73bd8597f277977e8ea7af0467c8a59dc0e788513cd2d9f3feb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8d0b5c1804131a7bd214fdf324557674

SHA1
ba3f8844572275c3f73e27d9c646d5d6f5f88455

SHA256
00055ad904e953f6aa25111f5cf38664bfc1378d7cde59fc740a38a071c6ca25

SHA512
28aa2718ec4574be612e575f0ec0683d301431b7b3872a7a4d3f805939f7111cf48f7b6ab3c4397fd18a9cee52fbc53cda280ba90c16c283cacedbc1ba43ba36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1c4c498a3834ea60b877bd32d4cb2f8

SHA1
2d7b063452ea171af75e09c8a8c34336c5019239

SHA256
970ddd51902825b9f13bad0dcbfdf6068ddd46f1fdc21641dac38e71e8537b4f

SHA512
a95ad4d7a9e3052c5a2b71afd5019b702945768d910bdcec0418813823a487740cc918f67ba9bba8b094ae9dbf26717b6e51582c6dfb2895e5c75c32f6227bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
25fb86fe9e2790dfea8654fe3df20b42

SHA1
5241d782579d395f39d4ec695745b4ef2a571041

SHA256
cf41b557c4050d27d88d010275e0e41a38baffbbd33882d88d0df1b3308e8dcb

SHA512
21d21691ef9df5c760af8e9be3dd4bd2f72d0e40f504a903f3b1e3ed233e001becfad0eeb3b550c98bc6d55f18187ebc43e6054e97b28727700d1c245358eb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cc2cb.TMP

Filesize
1KB

MD5
f24b0e313e558a32190f13380bd9e89c

SHA1
ff6a0d8263d5b92cec6016f607efebc22364e0ae

SHA256
0bf3e7791e1e8070e78b81cf508b008072132639814c3ef3ffe58f11cb7ffe91

SHA512
bf049cad6454a4e4536be6a88d075aa07f54ddf9c3621ac1ad9e320d089fdd7f7cd2fa456e38b01ed1cf2660ef4de9f59be95424facab76db7633ceb2e7cd37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0072695865d7101b707849c38ea4f4c2

SHA1
358e17583152370736b7aee4b71c7707c12fbb55

SHA256
39f7b1d4995cf65a6010bb0bc1703ecb8a0fedcce05196eaa9f329d31dda1109

SHA512
73b7139589060d9cf4ca150e6cd27f35055e3cefe2cf1ece54da4416fe81bf21bd0ce795c52dca11ca952d9fdd4217b553441e29b3aea53cbb8132d512634898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6443f25e8d984fe73fe95848a8acac14

SHA1
1d8edb01a2238d226a398365d9d12f8b050cec07

SHA256
ce54065cfe4588d4af506c791168901200437e4202cae0acd4d27ffb1de8410f

SHA512
ccd7b1eb374b9b97fffec754362b1f1c7c544b40623148418cfb5e0006f79ca78816e403122f2877ca02c91b42c4956eeec6a21ea33cd15cc7fc6e8b1bb42e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72f2ddb6476ae22a593406e36ca0c177

SHA1
60ec4d133ce11f49a0742a800e639f6b5f474bdc

SHA256
e8f13a6eadd51e29e2430c16968f8e0d452213ef9fc4b3bc66b889ba71f1e192

SHA512
0b367067c13d1ef438743cbd6467dcc5e546009d51cb7c01e174813e54e40e7e0b72b2bdf8130411580008244622d160e42bbbb27a5b1375ae578f558fedb50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
866fc864b22d11abc0567aa0d0799927

SHA1
6550ea52999beca0e0a354eb6dac52227abac2f7

SHA256
1294b82f9377c5923afc9acc93c54689c2842c31dd84eae4a0b07c8f8980551c

SHA512
ce4aa64e2da15972b7658de99475ea79d23b8518b49fde2f1a6b94db07a71c79ae7e4647f4435c05380fc641c58b2f101ef967b18d3e4f9c68f3c1fc5bb0bf5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33faeb55113d95824ab067ff531e863a

SHA1
8b6e7558ae8effc68676260cc71c323306fe1bb8

SHA256
4c9aa7890f713a5125fa9c9a93431d5c6654c6254f08468e9fb202932af78d52

SHA512
0afd5253eaa86b816fbacd30ca034257a57a00472b0d98194a1468e95d85d4d53d1cb984ca2ae63d54d8316a84de37cedfc6c780489f5bb5979ca99935841c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21a6b2cd406345e5682dd6370d677403

SHA1
b9db91e27294b8e9954fb47a3ae3ff948d44cdbe

SHA256
c46237567b17f18ddcacbfb8e08f6939096c5b6a47bc1b83bea29352875c662a

SHA512
9a9f312f67dc079cd365fc3048e3d599eeea9c59f2ee138ef6061934c99840b6c05220944648888e17f7b21a761defddac8714f099ac3b237fbd79d5bdb8ab09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f29eb7ad989f37ee2d74bd0a468075a

SHA1
4094e2e70dfa3d2e3860d0883a27822d846c0386

SHA256
0b1dcb406fee7d9dc40ae37b694620db6c0679d32dcae38d0ca603d5fc495cf8

SHA512
99f838ea2448edcb93b641f47558d6cf65fdeef8be0bd62b4351f794338c707ae41db26711262b3b158e091a91206d46feeeb79e2b1884c10793b7f16647ca02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ba484fcf63992ff80747a1372e4ff33c

SHA1
10934f29f53ca31c167725d9ff46f1acd67ae87d

SHA256
c779f8d4af6c92d7e3401880c49cc446a0f38f1891e22bf1c9f867af7a3d6cfd

SHA512
15d339a43ba3d2a057e9676ff9875eeb03f189b405701752b2d0481e5eebd20057989448698c39cbe81f51e3796b156cfce23bdf84cf6a62da808e15dbe30a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93bf6b802cfb40cc5f1db3a0f3a992f9

SHA1
c10fc8b46204b0fa26f659b5bb02a0d006e2d508

SHA256
72477d3d0647d03aea6aa51d656477d826a622a711a72ec288dcbf45bf1d3ed0

SHA512
ade08fac8aa4a60f93a1123f86ad46e6b65eb0a291bd36ba2998aa9275b32144df288f5ec6abdbebb9544b7a1cee189c5d10be89900dbf57599a86335d056fbe

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
069c37bf9e39b121efb7a28ece933aee

SHA1
eaef2e55b66e543a14a6780c23bb83fe60f2f04d

SHA256
485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8

SHA512
f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8034.tmp\LangDLL.dll

Filesize
7KB

MD5
9888fb6b91a680305b2a3e7b71d6561d

SHA1
4a7935da38f88e9f74f425078ee39eb6269c4e63

SHA256
81726604d47b192620bcf90d6e42ba8ee8b4c54935b0081655e08247d6b6c675

SHA512
f50755e5624bfc3a60a23a7dda012509c1e31d9772d6a0ccaca88e32ae8d4602e10e38003d78b1626464502db7ea7c47d772efb7b3ea7c3e2238bf3b9809f833

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8034.tmp\System.dll

Filesize
24KB

MD5
d997606c77e880be2744c44128843d60

SHA1
92bb9003dc14ae03963f503e82a668877ca4295f

SHA256
abb2613ff851b2cbfb61bf97e4eef9d4912abcb46e04774ad84812ab75d4dde9

SHA512
714d7ce786e9fbb6f0d0e537a146a3a24aa79089669dd168b7c110dfba667fa7afb794b3dd2b93fa76e1d1771af3347a0f568cbb0fbcc8d9755de9e6e54382b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8034.tmp\nsDialogs.dll

Filesize
13KB

MD5
bd0d7a73d0fc619e280372587e9e3115

SHA1
0cde473dda5d4fda8190e6460f3229cae2571af5

SHA256
c7f2afe3a2424e71563e69d862dc027d299d84fba4ac1ba11e593361daec0a80

SHA512
914983bfa336f9ea019bf5dc9ee403af56a6c7c1d88b8092609e4026a3377daa6ef9a8e51a93537f6769ae165c264763645a363fb6a89f8689f59caf985c18b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ce5c54bdb94e24cca24798dc5909b187

SHA1
f98a82572a49916b54eed10e3c837102a0002a33

SHA256
070936e8b03c4debbd3987cc09a3852fdb778ca3de289580f84759377990c877

SHA512
2946958186ced1077a7d78b5ed927ad8d38d0cfdb475e130d80aded7a98780fb63aeff6c88ef95b3a403afffd4764eb13f56f867f081c433c238c3ff3a0decfa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a3f3868324381f44d158dbb199f23052

SHA1
9a129f21fcce7f37fbcef1392f118f6709e2b6d1

SHA256
ce4e5d6ac75d2bcd8f4a4088f47b7837d512531df603d217838a46202e13f72e

SHA512
b71e5a069105e11d48d6af638290da5ca25d011139ac3b73267e2ebe85b3f6d2ae3410c3ed49d0db3b83a2a35f524f9629f898be01383ff9f1407bb7abf79da0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
bbd9bf2165b96b20439c92514a958b7f

SHA1
b4e8d54dc2eeb14d2bf6e1d41064bc5324ecee0e

SHA256
4fe4d5d22f245eaf5ac34d87ec3ec8f89225ce84ce37e3c856dc0dc31388c6f0

SHA512
dd5704c04ae3d3de7403118483a0f4d278bcc9aeaa43d83d450bcb411c21fe86b51161a9827672eb6f75c18b173011db654a3c3a2b90e76369f67ad6288321c2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-store-menus\data.safe.tmp

Filesize
245B

MD5
4739996064bc69a04af122214e11dc8e

SHA1
862b1f36b4d700a5d9d5caf12099f0a28f697cd7

SHA256
10d1811fbfa9bab315b60f991ca0370d3e250ff0d5f2a9e83f8f838ec14ad120

SHA512
d3aef729c70e0f7ce3ca83f88b1f70f4c0e5cf1be154cf37f12174ddd50a92a8b7e65b8cca3af81f5d4a238c91c83ef20c9ad0eb041dc2f8ff2dbbffc3501e52

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
16KB

MD5
bdb16b2dc9fb72043054bae6842ca831

SHA1
4e5add32e308d9d4bedc34bf1481b05e50a294be

SHA256
576305e647e9e022464343cc4a257d90849961791d53ffb20a5fca8b6c556fb9

SHA512
90e6d89d7dfa5919ddf5cf703fee9a37cb8fed454c1fbbb98355ef857e5ba4e62d5d59772db59afcf2c7ec7b7d7d54fc6be89cc548dbe8612f85999bd437e032

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
8e57fbd0f4fb2faecd59fba97e04d35e

SHA1
6cc39a2f78bd371864f477a2eafbea2cda81a93c

SHA256
aa28ec35242b4e44972129becb2a23d1fec3394137f157689c6ac3230863e596

SHA512
a4fdb4f45a6d6f8bde49d8621a19ee3c27f2f53fb22ef441568e10e19a1846f32507c646ade2147d5895932009e38bdc543c0d99e2e662fcb5b66e46ce365fa9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
c29d6a5c67e69ffc85d85bd1e21c6890

SHA1
8e040293f914a68ed4fac9c080cb1d5115a12863

SHA256
ec07bde0a980cc3a340d978fb3fc01b0ad8197928239797bfe31b5b8a21b7aa0

SHA512
63cb75fc969fa3a508bce5b8fc96172f4c661e9d7b8895b14f618a04d4575e1c6f926287d3ae52f868b89e8b77599ef5c236681a8740bb61c658540389769d2f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
819aedbc7a00f897482e9ffd88a933ea

SHA1
d5b54b158219ea61418188cb7beb29c35297353b

SHA256
698a0818af4dbec00ef8c9df974f1ab1f74de446d1cf58dcf422b8b5affe49cd

SHA512
2c74195a3af803098ef5c108b1eda063424876a69fd7feff01ea10cc4af046105a29c5f4dae804baacada304da13af9cd77e147352025bb5a2ee7031397c7d88

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
4KB

MD5
a7673f50310cf4a0153a99c383255ce7

SHA1
4a8a3f6b5432d7520ef9d55ae93179b9b6e64302

SHA256
b7f88b3e66f05640fc04ccff5db0264778ee32ce963cf8d62367d1f9aa944d9b

SHA512
192be9c3af42843e45596cb902b490c82e77c0d7dbd2481745f5eb1b1790c0456354da5f120f76964a3adcb29f59cf539c4ac17d653bc84db77eff83a8d26921

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++78692143-8258-46a5-85e1-36f4974b8538^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

Filesize
48KB

MD5
d253bcf90182a942189e1ee6bfbdda95

SHA1
813b618a3bc3425bb234f6c2d308c1356e8f4563

SHA256
deb8ac4b312789c47f30e894bfe2167cde82ceee5a3d259170e93ebc14aa0d2a

SHA512
206a6dd60aa09821f3ecf0ad55cadf538c3344695511329ca69734d7151f99a96dbefa0711aefdc06ccd61d70a7630343579bfb2cfbf3a4e9ac689fa9c4062de

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++78692143-8258-46a5-85e1-36f4974b8538^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

Filesize
48KB

MD5
e7e000a03c895d6f4ef7682d4e0353bf

SHA1
0ffe837d88914ccb4dcb9d6b0839746de41e68e7

SHA256
1f152591f61802891a4f8708b36d110b294406c2b0cbfa321783ccef5e3b9231

SHA512
f617fdfb4d61448b17fe5dfd233611c8be55492e9e030eee3d69f1e09ec4af52cdf5f09f6c3da1ce86a2b8d53879d178fb17e9c0afbff435f2f785c3a82f4b17

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
136KB

MD5
20cd543fc619208511391fc56e5fa2b2

SHA1
3a91089852faf9698de9f6ca266683d0168a2cf6

SHA256
064533b2db09fb2efc5d7bda33f9970a60ed8e10f2c50edec87eb0dd6a0e7fde

SHA512
baa1ed3c157c24604447e3e63b31f292503d94a9259f135bb115455febdc18e2c00a701ab40eb523094748737851462b040ea5d7df30846c7c9c2284bfd2804a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus

Filesize
2.7MB

MD5
27b7a3e94897d56f1df85a0edbeabe5f

SHA1
9ffeeb7729a792e4d949f455cc84ec40a0a8119f

SHA256
626309f3f0f902f566c1f0ebf0837045474e81c3831f47ee06130f0f3f173cdd

SHA512
e0945ee679fc2c606ccfef37be30d5ed7c318c26a48fe0f8c0a92b51793bcb1ba5b258c4aa3d6c25b71e93fb8e078a888795283bc0fbc2373bad457c1af6ed91

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
21.0MB

MD5
00a1972a2d4c657ba674a284649652a6

SHA1
ba2df6554a8d13439b29997a2084cb0e186e9cbe

SHA256
4ad4bdf65a0effc40c842ea6900758133b83bab49af6cedff6b6833c8c06639f

SHA512
f7f7af3eecf64abf3bf4a67175b9cce5cd05a5be7d3158693b74282e176b39eb745d928fd11da84d1ea6e2b0d7b1a8210f5050c8ec5a1dee4eb902481aaacb5a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
3b4fab842371bd6f28494a288a339256

SHA1
cfca591cae4bfd28486e5a23b406e8f12e408942

SHA256
ddc7a6c3a4b50d23daffe8e364c575fd7df9af9711b14d153b09553ddd3670a0

SHA512
90f3de43a01853d0029e8085f2107b3640074aca10ba8ab9f73648f203f270974fe0ce4df882ba9320c2aa18e2048c058bd82d7816bda7bc94a8baf333a05132

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

Filesize
829B

MD5
b76811e2806eadd8be72f7fefaa733d1

SHA1
deabff396098d5a33e4cd8d112a5aaf1158a6c74

SHA256
0d2798988d3d00e7622ccd543ce1434a17f714ffa6c1fe7ac50e3e57a296d1da

SHA512
9c757724571c42b997af12ba3fd77974d450dc376ee40b3c991c27155a9299d40849a34bec0697e52a97c81f7698cf9451574f9d9a38410f41a77d2329eb36b8

Download Submit
C:\Users\Admin\Downloads\!Please Read Me!.txt

Filesize
797B

MD5
afa18cf4aa2660392111763fb93a8c3d

SHA1
c219a3654a5f41ce535a09f2a188a464c3f5baf5

SHA256
227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

SHA512
4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

Download Submit
C:\Users\Admin\Downloads\Ransomware (1).htm:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Ransomware (2).htm

Filesize
292KB

MD5
ea888a3313f59d3801d54dbfed8fd48f

SHA1
c1823d715dc1b7b0dc6acdc0a451fe0e14e73287

SHA256
e375ba9a8a9d0142925399387cc2a5d0c84bfd8d5c68b6d88ca540ce95cbdd65

SHA512
95eefb95cfa34c1f94b39062155fc79c19a100df747a1847a0878c3164eaae94d341c89c26bb8de38d0380db211bde3d5dae44db6e26e1a68ecc5f49fcce017b

Download Submit
C:\Users\Admin\Downloads\Ransomware (3).htm

Filesize
166KB

MD5
6f2789749bfcc27b241f0409dca1d1cb

SHA1
a9e7785cfd3bc0eeb28e889a8b57db83ff4a15cb

SHA256
960f65ff00b4fe69ddbed7cc0c577b1a02f3b9564d8d780e46abbcb0330f665f

SHA512
524a9b35b619af9182f4f3e147ea30c9b27a2ba9d2a0f660664ee6e0772a301bcba351f8583badb16cc4354069344b2fabf224164f1bd99f3acf2bb861032e89

Download Submit
C:\Users\Admin\Downloads\Ransomware.htm

Filesize
292KB

MD5
c9a10dd3ee1e5ff778c88f3c73e90d3f

SHA1
e7cf59e598e2c12844925c7b8b1bdf6a8d19a6f1

SHA256
7894fc53c18b1b0105184fbf13cece24aef629c75fe2588b88790bfedde1563a

SHA512
2653426114c72d7298b5ad8c0ddf619272b81e668a9ed1a37d668ecba9759a6b48b7552a390e795c73048310bf8d677b69aa201a9feca9dc627af49649dee403

Download Submit
C:\Users\Admin\Downloads\Ransomware.htm:Zone.Identifier

Filesize
161B

MD5
051d69fea7331d843992bcea41daefe3

SHA1
cf86ffd282de4e63145a379376b99ccd7f58d31f

SHA256
235607ee3d3fb70227d7ddd89e79614c78bed5faf6af86e9819e4369492a4a01

SHA512
dc6a3428860331ec9a090b19633bc1aecdabc5d10e76d7306e431c219340f7acb3b1409e6b70cba0ed49203c1b85052380ab8e99160dfc6a37328db1ce2332ab

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 142128.crdownload

Filesize
225KB

MD5
af2379cc4d607a45ac44d62135fb7015

SHA1
39b6d40906c7f7f080e6befa93324dddadcbd9fa

SHA256
26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

SHA512
69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 39869.crdownload

Filesize
1KB

MD5
008eb3ab34f072865fde9f00ed20fb45

SHA1
c38ce63a94636220924ed026d83f83550f1ca2ab

SHA256
c6e96e3187939360ad6c727502e1f1307d9b4890961e0506e07fd854e099329f

SHA512
33a94816e7b696780b01886f240be45e4de801c940a7124a0f263c64a7e91f7d0a6943a614a2657e6417e4ab19d7817cb82009d3ff87432752182abb7e2ba818

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 916753.crdownload

Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 916753.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\a.htm:Zone.Identifier

Filesize
453B

MD5
53c2888d62d5f611ae5025a2161fd43e

SHA1
068a056c8c844ce6acfc1a87d1f866af304187d8

SHA256
5a21741134d981c283c6a97c0323249aa8163b11ffd1d4c77b2b19645cd2c813

SHA512
8f77309734aff1032faf2eeb6990c750d7e388d119e3d440407c7da6f8edf66222dee8069af2327e2b1ae1f4b7e9bae79f0cbf339089b34213137e844686791b

Download Submit
C:\Users\Admin\Downloads\u.wry

Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
memory/1080-5026-0x0000014B2BE60000-0x0000014B2BE70000-memory.dmp

Filesize
64KB

Download
memory/1972-1751-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/5092-4896-0x00007FFA0ACC0000-0x00007FFA0ACC1000-memory.dmp

Filesize
4KB

Download
memory/5092-4897-0x00007FFA0BA60000-0x00007FFA0BA61000-memory.dmp

Filesize
4KB

Download