Overview

overview

10

Static

static

1

URLScan

urlscan

http://black virus d...

windows10-ltsc 2021-x64

10

Resubmissions

10-01-2025 17:21

250110-vxcddazqhs 3

10-01-2025 17:21

250110-vw1dtasrbj 4

10-01-2025 16:56

250110-vf4rasznbt 10

Analysis

  • max time kernel
    500s
  • max time network
    498s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    10-01-2025 16:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://black virus download

Score
10/10
wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Wannacry family
    wannacry
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Downloads MZ/PE file
  • Drops startup file 2 IoCs
  • Executes dropped EXE 39 IoCs
  • Loads dropped DLL 10 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
    defense_evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 12 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 51 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 54 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 42 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://black virus download
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3648
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff83f3546f8,0x7ff83f354708,0x7ff83f354718
      2⤵
        PID:1068
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
        2⤵
          PID:328
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:660
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
          2⤵
            PID:4404
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
            2⤵
              PID:5084
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
              2⤵
                PID:4540
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
                2⤵
                  PID:2356
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
                  2⤵
                    PID:4412
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
                    2⤵
                      PID:1472
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                      2⤵
                      • Drops file in Program Files directory
                      PID:3744
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0x7ff75d565460,0x7ff75d565470,0x7ff75d565480
                        3⤵
                          PID:2908
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3028
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                        2⤵
                          PID:4240
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                          2⤵
                            PID:4264
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                            2⤵
                              PID:4564
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                              2⤵
                                PID:4344
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
                                2⤵
                                  PID:1488
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
                                  2⤵
                                    PID:228
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                                    2⤵
                                      PID:1984
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
                                      2⤵
                                        PID:1156
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5728 /prefetch:8
                                        2⤵
                                          PID:4232
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
                                          2⤵
                                            PID:1868
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6824 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:3840
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5828 /prefetch:2
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:7032
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                                            2⤵
                                              PID:7088
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
                                              2⤵
                                                PID:5732
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
                                                2⤵
                                                  PID:5780
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
                                                  2⤵
                                                    PID:6032
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                                                    2⤵
                                                      PID:5772
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
                                                      2⤵
                                                        PID:6424
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
                                                        2⤵
                                                          PID:7088
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 /prefetch:8
                                                          2⤵
                                                            PID:5816
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                                                            2⤵
                                                              PID:5232
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
                                                              2⤵
                                                                PID:3088
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
                                                                2⤵
                                                                  PID:5676
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
                                                                  2⤵
                                                                    PID:6156
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,10844967384230903414,10759797522657222196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:6572
                                                                  • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                    "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                    2⤵
                                                                    • Drops startup file
                                                                    • Executes dropped EXE
                                                                    • Sets desktop wallpaper using registry
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:4256
                                                                    • C:\Windows\SysWOW64\attrib.exe
                                                                      attrib +h .
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Views/modifies file attributes
                                                                      PID:5292
                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                      icacls . /grant Everyone:F /T /C /Q
                                                                      3⤵
                                                                      • Modifies file permissions
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5356
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5656
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /c 27871736528379.bat
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:2964
                                                                      • C:\Windows\SysWOW64\cscript.exe
                                                                        cscript.exe //nologo m.vbs
                                                                        4⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:6804
                                                                    • C:\Windows\SysWOW64\attrib.exe
                                                                      attrib +h +s F:\$RECYCLE
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Views/modifies file attributes
                                                                      PID:1432
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected] co
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:6960
                                                                      • C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
                                                                        TaskData\Tor\taskhsvc.exe
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5724
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      cmd.exe /c start /b @[email protected] vs
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:6976
                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                        @[email protected] vs
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:7024
                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                          cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                          5⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:3952
                                                                          • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                            wmic shadowcopy delete
                                                                            6⤵
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:60
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5424
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:5380
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • Sets desktop wallpaper using registry
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                      • Suspicious use of FindShellTrayWindow
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:5364
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qpyphsxnqogwcg162" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5196
                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qpyphsxnqogwcg162" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
                                                                        4⤵
                                                                        • Adds Run key to start application
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Modifies registry key
                                                                        PID:2356
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:6064
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:6036
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:636
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:7084
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:7032
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:896
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:6520
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:6532
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:6576
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:5852
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:6928
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:4856
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:5148
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:5540
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5168
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:4344
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:5584
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:6500
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:6100
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:4928
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:4352
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:5200
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:1108
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5308
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:4236
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:3612
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:6196
                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:440
                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                      @[email protected]
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:2624
                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                      taskdl.exe
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:7136
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:3756
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:2688
                                                                    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe
                                                                      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe" -ServerName:WindowsBackup.AppX7g7ckthmr138zk16nhs1hb5tyevsa9p6.mca
                                                                      1⤵
                                                                      • Drops file in Windows directory
                                                                      • Modifies Internet Explorer settings
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:3716
                                                                    • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                                                      C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                                                      1⤵
                                                                      • Drops file in Windows directory
                                                                      PID:3468
                                                                    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                                      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                                      1⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:3148
                                                                    • C:\Windows\system32\vssvc.exe
                                                                      C:\Windows\system32\vssvc.exe
                                                                      1⤵
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:7124
                                                                    • C:\Windows\system32\OpenWith.exe
                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                      1⤵
                                                                      • Modifies registry class
                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:6688
                                                                      • C:\Windows\system32\NOTEPAD.EXE
                                                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\UninstallDeny.avi.WNCRY
                                                                        2⤵
                                                                        • Opens file in notepad (likely ransom note)
                                                                        PID:6880
                                                                    • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                                                      C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                                                      1⤵
                                                                      • Drops file in Windows directory
                                                                      PID:6460
                                                                    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                                      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                                      1⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:2228
                                                                    • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                                      "C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
                                                                      1⤵
                                                                      • Suspicious use of FindShellTrayWindow
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:1212
                                                                    • C:\Windows\System32\Upfc.exe
                                                                      C:\Windows\System32\Upfc.exe /launchtype periodic /cv u3KSWDEdL02foc75dSGwXQ.0
                                                                      1⤵
                                                                        PID:2940
                                                                      • C:\Windows\system32\rundll32.exe
                                                                        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
                                                                        1⤵
                                                                          PID:6148
                                                                        • C:\Windows\system32\usoclient.exe
                                                                          "C:\Windows\system32\usoclient.exe" StartScan
                                                                          1⤵
                                                                            PID:816
                                                                          • C:\Windows\system32\MusNotification.exe
                                                                            "C:\Windows\system32\MusNotification.exe"
                                                                            1⤵
                                                                            • Checks processor information in registry
                                                                            PID:2832
                                                                            • C:\Windows\system32\MusNotificationUx.exe
                                                                              %systemroot%\system32\MusNotificationUx.exe ClearActiveNotifications
                                                                              2⤵
                                                                                PID:6892
                                                                              • C:\Windows\system32\MusNotifyIcon.exe
                                                                                %systemroot%\system32\MusNotifyIcon.exe NotifyTrayIcon 13
                                                                                2⤵
                                                                                  PID:5032
                                                                              • C:\Users\Admin\Desktop\@[email protected]
                                                                                "C:\Users\Admin\Desktop\@[email protected]"
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:2000

                                                                              Network

                                                                              MITRE ATT&CK Enterprise v15

                                                                              Reconnaissance

                                                                              Resource Development

                                                                              Initial Access

                                                                              Execution

                                                                              Windows Management Instrumentation

                                                                              1
                                                                              T1047

                                                                              Persistence

                                                                              Boot or Logon Autostart Execution

                                                                              1
                                                                              T1547

                                                                              Registry Run Keys / Startup Folder

                                                                              1
                                                                              T1547.001

                                                                              Privilege Escalation

                                                                              Boot or Logon Autostart Execution

                                                                              1
                                                                              T1547

                                                                              Registry Run Keys / Startup Folder

                                                                              1
                                                                              T1547.001

                                                                              Defense Evasion

                                                                              File and Directory Permissions Modification

                                                                              2
                                                                              T1222

                                                                              Windows File and Directory Permissions Modification

                                                                              1
                                                                              T1222.001

                                                                              Hide Artifacts

                                                                              1
                                                                              T1564

                                                                              Hidden Files and Directories

                                                                              1
                                                                              T1564.001

                                                                              Indicator Removal

                                                                              1
                                                                              T1070

                                                                              File Deletion

                                                                              1
                                                                              T1070.004

                                                                              Modify Registry

                                                                              4
                                                                              T1112

                                                                              Credential Access

                                                                              Credentials from Password Stores

                                                                              1
                                                                              T1555

                                                                              Credentials from Web Browsers

                                                                              1
                                                                              T1555.003

                                                                              Unsecured Credentials

                                                                              1
                                                                              T1552

                                                                              Credentials In Files

                                                                              1
                                                                              T1552.001

                                                                              Discovery

                                                                              Browser Information Discovery

                                                                              1
                                                                              T1217

                                                                              Query Registry

                                                                              3
                                                                              T1012

                                                                              System Information Discovery

                                                                              3
                                                                              T1082

                                                                              System Location Discovery

                                                                              1
                                                                              T1614

                                                                              System Language Discovery

                                                                              1
                                                                              T1614.001

                                                                              Lateral Movement

                                                                              Collection

                                                                              Data from Local System

                                                                              1
                                                                              T1005

                                                                              Command and Control

                                                                              Web Service

                                                                              1
                                                                              T1102

                                                                              Exfiltration

                                                                              Impact

                                                                              Defacement

                                                                              1
                                                                              T1491

                                                                              Inhibit System Recovery

                                                                              1
                                                                              T1490

                                                                              Replay Monitor

                                                                              Loading Replay Monitor...

                                                                              Downloads

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
                                                                                Filesize

                                                                                471B

                                                                                MD5

                                                                                52597e9d833a0c26e46e45b7ab100b18

                                                                                SHA1

                                                                                970fa6cae553ed67a7f0f85f27af755804ca2c3f

                                                                                SHA256

                                                                                4948b08d75d8b8102065132037fed397534902ca17f972e9f61943404ba6351f

                                                                                SHA512

                                                                                7b62c096019f5917da5726a1b2b0d585a5143a5da307f0b438277d557989e75c9babc701216712320a99e9bdaad1005c30db8f56160671763cc4847edbd4105f

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
                                                                                Filesize

                                                                                412B

                                                                                MD5

                                                                                8b0d496d4417fdf73b101f44aa9a06ca

                                                                                SHA1

                                                                                19a9d47a9c5a082e877a757f60162fef2f36c3f6

                                                                                SHA256

                                                                                cde5b24b1d97910db7a7a8c56922df9ecbc3d2df1df14464cf088c95770294d5

                                                                                SHA512

                                                                                e5fdc9a9faca329d9444bc388c994319ddc975d93b93284e29aebe5a59b2332de0035feb531d60e7a74102315a1398964e0f021458944e40ad173f8007e5a69c

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                7b19b7ecb6ee133c2ff01f7888eae612

                                                                                SHA1

                                                                                a592cab7e180cc5c9ac7f4098a3c8c35b89f8253

                                                                                SHA256

                                                                                972bc0df18e9a9438dbc5763e29916a24b7e4f15415641230c900b6281515e78

                                                                                SHA512

                                                                                16301409fee3a129612cfe7bdb96b010d3da39124aa88b2d111f18d5ae5d4fc8c3c663809148dd07c7f3cd37bb78bd71e25be1584bd2d0bacf529fa7f3461fd8

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                23fa82e121d8f73e1416906076e9a963

                                                                                SHA1

                                                                                b4666301311a7ccaabbad363cd1dec06f8541da4

                                                                                SHA256

                                                                                5fd39927e65645635ebd716dd0aef59e64aacd4b9a6c896328b5b23b6c75159e

                                                                                SHA512

                                                                                64920d7d818031469edff5619c00a06e5a2320bc08b3a8a6cd288c75d2a470f8c188c694046d149fa622cbb40b1f8bf572ac3d6dfc59b62a4638341ccb467dcf

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                Filesize

                                                                                67KB

                                                                                MD5

                                                                                69df804d05f8b29a88278b7d582dd279

                                                                                SHA1

                                                                                d9560905612cf656d5dd0e741172fb4cd9c60688

                                                                                SHA256

                                                                                b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

                                                                                SHA512

                                                                                0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                Filesize

                                                                                366KB

                                                                                MD5

                                                                                e6940bda64389c1fa2ae8e1727abe131

                                                                                SHA1

                                                                                1568647e5acd7835321d847024df3ffdf629e547

                                                                                SHA256

                                                                                eef5dd06cf622fb43ea42872bc616d956de98a3335861af84d35dbaf2ab32699

                                                                                SHA512

                                                                                91c07e84e5188336464ae9939bfc974d26b0c55d19542527bdcd3e9cac56d8c07655dc921acaa487ed993977a22a0f128dc3c6111273273ff1f637b20bb56fb6

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                Filesize

                                                                                19KB

                                                                                MD5

                                                                                2e86a72f4e82614cd4842950d2e0a716

                                                                                SHA1

                                                                                d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                SHA256

                                                                                c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                SHA512

                                                                                7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                Filesize

                                                                                63KB

                                                                                MD5

                                                                                226541550a51911c375216f718493f65

                                                                                SHA1

                                                                                f6e608468401f9384cabdef45ca19e2afacc84bd

                                                                                SHA256

                                                                                caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

                                                                                SHA512

                                                                                2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
                                                                                Filesize

                                                                                20KB

                                                                                MD5

                                                                                fe6e182c22ce8e0fca04e21242825a4b

                                                                                SHA1

                                                                                363fb33914dd0ff41a473aa2fc0f3d8e11670384

                                                                                SHA256

                                                                                6648d0b2d3cfade77810ab3e50524488fb4aa8e0dc843c66782c8742149d60ff

                                                                                SHA512

                                                                                7442d0b86bfa2386a8712e70a7af21adf0494800d55a518bf3bc1ad55a9f24a1c448c99e4ea5e5a9412105398b68255933a262a8ceab103b676645de039f65fa

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                5c7cb890cdd34b6348a47d18c35542be

                                                                                SHA1

                                                                                31def64a0b31f479d11e6d4aaf17a95481716b63

                                                                                SHA256

                                                                                e7209ea973402333ed23b1ae0c110077a9129cbb157c9d9dacd1bf52a5edfddd

                                                                                SHA512

                                                                                49ef588de31f4c499335f5d5f24964ba75a5c4ccdc5809fb360b1c2dc37ce2e8f18d0950e9634217141bc5251057a02e6472c505ec21c9766987ce1b7341c3b3

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                48B

                                                                                MD5

                                                                                885fa80031e6a1da4c79d424582379e2

                                                                                SHA1

                                                                                15d666bb3e1d8020a8726b9549edf7ec46c56f66

                                                                                SHA256

                                                                                8633b7d4dd4d3c08975c55503a506de2009c96b48046b670f5add857f3ee3f56

                                                                                SHA512

                                                                                2eebb05164bbab0ac02fb9b1dcadf2613fd549cb475ab04e8a1fe891e3f321602540cee196a7daa55b25d16b6309ba7127a5f6c6f675f4a29bccabe16d5bafcb

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                3KB

                                                                                MD5

                                                                                066aa4f8a971a49db3a753018b9a6259

                                                                                SHA1

                                                                                51a01dae66f03fa6e597d82b7dcfd0af38ab18de

                                                                                SHA256

                                                                                f5c66cd67942fd4963da04c77234e1c1b42653340749434b87c1898b9975a1ff

                                                                                SHA512

                                                                                5c058902a97a7c9336b58a66d4739611a004044141030f8dc99383b91f33bf66f7ff724564b6116b8a585c5f78e70f668be42d059e07262065b528d14719e37b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                                                Filesize

                                                                                70KB

                                                                                MD5

                                                                                e5e3377341056643b0494b6842c0b544

                                                                                SHA1

                                                                                d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                                                SHA256

                                                                                e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                                                SHA512

                                                                                83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
                                                                                Filesize

                                                                                16B

                                                                                MD5

                                                                                46295cac801e5d4857d09837238a6394

                                                                                SHA1

                                                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                SHA256

                                                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                SHA512

                                                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
                                                                                Filesize

                                                                                41B

                                                                                MD5

                                                                                5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                SHA1

                                                                                d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                SHA256

                                                                                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                SHA512

                                                                                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                41876349cb12d6db992f1309f22df3f0

                                                                                SHA1

                                                                                5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                                SHA256

                                                                                e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                                SHA512

                                                                                e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                Filesize

                                                                                871B

                                                                                MD5

                                                                                8c3b6a7bfc3c5b3510fdee7a9c65d4e5

                                                                                SHA1

                                                                                abc19aadd53782a59026547ab04491e1bb4a277a

                                                                                SHA256

                                                                                50cbe9406f0e55a7f69506952dffdbe7c14f85f442f213563bfb34f218f57317

                                                                                SHA512

                                                                                fb1328b300206655d572196fd374fd95c5914d0ad67c4bf62cc50a0170257312e62e116edf23cbf4824283ccdba68adbf510adc3ef2d87dd076a26a4c4404041

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                8260819a033bfbf7c358d9c7dd24b59e

                                                                                SHA1

                                                                                c9e2d7c59cce4f6bda2115197778bd247f87e793

                                                                                SHA256

                                                                                72cabba142745d60a0c01e987a8a6f76cd95585ebb650adb44029dfa153e2218

                                                                                SHA512

                                                                                528de20ed1b75091ecbc53b67214b684432708548d1a2ddd34d3ea8aa7095b386092c267f6802eb36597cc2bcdceaaa5fd197d6873e96ddeb97d21b4870deba3

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                a52c029b62127a48dd0bc64eb39d008b

                                                                                SHA1

                                                                                ee4a052f862205e3440fafbbe97ba21d4abac9b0

                                                                                SHA256

                                                                                1b28c9adc59c9354d489806b65167d58f7a36690f43f0a93bacb83a57932c9ed

                                                                                SHA512

                                                                                7f560ffa65cce114b761b44a337d7d900af6d91ff6622916aa9ec5d2722ca7c860a6cd2723018ce96d342001e04b38e77bb59b3d7ebae23ebae9b33b684835f7

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58c09c.TMP
                                                                                Filesize

                                                                                59B

                                                                                MD5

                                                                                2800881c775077e1c4b6e06bf4676de4

                                                                                SHA1

                                                                                2873631068c8b3b9495638c865915be822442c8b

                                                                                SHA256

                                                                                226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                SHA512

                                                                                e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                fabc64af96c06a625dd96b28a588364a

                                                                                SHA1

                                                                                deeef948f0636526871128c9c6bb1c9c83b8fb0a

                                                                                SHA256

                                                                                11e7a326f5b74b7478ce639d79496d7d07998a7eaa0e6e18108eaaf476980bf9

                                                                                SHA512

                                                                                34848371050083fe551f3414075d94aec1c2c781f99df84d29bea1ab4456c2712136584f24367aef950392ada5f29aaaf5af5eedc8df48d7d8c942c3166a5c8e

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                82cd1b12396f72dd5a1c4b1d08cc580d

                                                                                SHA1

                                                                                b64f4f74c21a9d746a8138c2896e628dd4e8407e

                                                                                SHA256

                                                                                05e123889c6547cbe75a28c4b13748576de5f6d4001efe9c33e82849620d4992

                                                                                SHA512

                                                                                4714ff886968a98fe4ca8f1a8fd0953412f4aa7045b51590cfbd01426f75444ce48e2fc851ee2dcd356a8567e96c14203caa493159ac34514022285ed8bb06c8

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                7KB

                                                                                MD5

                                                                                e3a00eeacbb361a125bdf09ad777c32c

                                                                                SHA1

                                                                                6424a29f41d0dd9bd2d50399049a3adc52e579ea

                                                                                SHA256

                                                                                5e00c1295e28e2168eefb95c040a9555c640dca7947ac8036d4140638af60ff4

                                                                                SHA512

                                                                                3ee748164611b92fab2042d36736df81f793db40b2604598cc081928ee30521fb9139a8efcc64d495fbfb7cbfb04a44e6bd5add2a64e54993729cc7e326d635b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                3925298df55fef92a0b22b7d230fdbc9

                                                                                SHA1

                                                                                0b5b3e56f7ed5ef8a5ace939919e5acab9707048

                                                                                SHA256

                                                                                e9b5e9bd065ef99d831954930fb288620954e327b96e7be703e419e1d396e93c

                                                                                SHA512

                                                                                3436c44145c4e0bbd0dff74686f4370810dcef7d6fde467dfede367d81ee10ce02060b31c6f60c22faf794bdcb77a11e578e20e83da10b8de6e97b7e5761b937

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                12a859d0006bc25e338f5510f3f9cb9c

                                                                                SHA1

                                                                                f2e5d29b5d6165820ba2cfbdea1267604e9451db

                                                                                SHA256

                                                                                e371cae255c8847ff6a302d259f20eef656d71cf1c5f6778b357b06c2a759489

                                                                                SHA512

                                                                                ce4c2db69ba3e706ec160ca942110456d75d59afae7079696d364ba86aabb5af276900e44a94c59bc756817cd8f44ecd0b557bca5aee00e66c0214c4fc852e53

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                d71e84f3c89fe7f22ee3ac2485daa647

                                                                                SHA1

                                                                                543f6ac0c092b70a9f3ff2814d20a6da4f05e5a1

                                                                                SHA256

                                                                                78cd7f5b4c05dd153144a4fc0a99ea6b5cb18be1d77a9bcc1ecc15292efa9c31

                                                                                SHA512

                                                                                343516ba08d37b61107eb68319c207e42badb761e882530d2ce2adb17a57adc53e19740e5b093512419d7995be37db5e462ef036bcca2c342acd2219b2c5acb8

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                6ae74c8ada2984b703555f8e4bfc7cbf

                                                                                SHA1

                                                                                d8ead37575727b9590c49474e40609739fce4e1d

                                                                                SHA256

                                                                                104d8a6d051a0a06d827268c3fb3ba7755cb63c3cbea3c5cade36c98a40dd6d7

                                                                                SHA512

                                                                                4b405bbd0b4308193bda56f1e4a735aace62513753389361934239edae268e10805d84a59b867eb5c0090e05a77df8ca59415450cc3be99efd0ea5bdab9df56b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                Filesize

                                                                                24KB

                                                                                MD5

                                                                                8cd513127214e252edf0454f329bc002

                                                                                SHA1

                                                                                6f47fac6be8e7331e54203a7865e86b32cddf16b

                                                                                SHA256

                                                                                3df220380a8bf881117c17102a5c70ae7deea18ec92e7c478df2ee904d882108

                                                                                SHA512

                                                                                0b6d2f2e12bb8b15175875b7118778e57475934dee0476bc3ec989c5408d1ff5cf1c2d5dce4bd980a3ef9bfee232f974fa90050171826f3f0847f9682ae7e4c9

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                f85b7e9067cc0a637017491bcb8ba946

                                                                                SHA1

                                                                                8f2d72f09de1181e29cbe10bc2283515e01fe1d1

                                                                                SHA256

                                                                                e0010abf78d1840e46ccb6d98a29bf6a166df3a0bd84404fa64734145dc38dad

                                                                                SHA512

                                                                                66b1263c9cc3eab0fde959f187d6023dd122ca4ed7bfd1782571e49108d4d187154d4bcfd6359e2dcbebbc83f73ee88d8b9e2d6a92b0a3baa2eb57bdf397c3b7

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                306c2aa67323000d572c6ebee29e0eba

                                                                                SHA1

                                                                                b4f7c20a04bccf80df98871c41d969cd9da7ec7b

                                                                                SHA256

                                                                                daa2f364712664cf6bc4e14c102fb472ea328a93d9047c7f07c2a4acf749f823

                                                                                SHA512

                                                                                543381e5522c45332703f48d9d3fc2fd0363cfd33160101ed5ccd828e2602ffe608de47e2f90cfe207a3d6fcc9d41e6bd63588fabd10e614736c8221d42fabc6

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                1599c303c82c52514db8029cb5c64463

                                                                                SHA1

                                                                                eaed5ea222eadcae883f1a0a193418032c8648ac

                                                                                SHA256

                                                                                7cab3acc55b43747f9dd41ec1f49b5e8b850cf8881f78be9d2f73f2896c33b0f

                                                                                SHA512

                                                                                86e489ec8c0ada3a8768565858369b703452c0fcb6efd685a4c620525d667c709b5b12f324db9708568a8dd256179db03526d8577ad5eede8e2ff5a38bb6ff58

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                c374e761cb50531e5c3c04553bb914a5

                                                                                SHA1

                                                                                8cd9855aed4022f479c2ecef7c445372d6b94c91

                                                                                SHA256

                                                                                f5f86eb9d707c326b31b004a6ef77ca84cb059cdbe460aaeec15014db027677d

                                                                                SHA512

                                                                                333980557a344c37765fa84f0a8bd09b9a3e12fe7d66af9c59edab232918f1a111735c0000ba50ac1112b60cd026c1c32504b7bc3be5c1f37c8ec4c3b8075cec

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                1c4ba00a51bc5fe82d97feb0e9c70112

                                                                                SHA1

                                                                                27004b8ece431d1bbd98e1f3fa3bdbc127622fc9

                                                                                SHA256

                                                                                5276e3d483382c2af7adb8502936e24e2501963fe7827286fe7eb00071e2303b

                                                                                SHA512

                                                                                91b1d025ad64a69594c326b23c81e4143ce290cf29711da7edb419315e91409599bfedf254e9ec47ea9c42263de9b026e95aa643845db51c05d361e45c6cd849

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                7d5bf0864e33b9c84f6c2a816726e012

                                                                                SHA1

                                                                                dbde7e6276545db261674d15bd76765116e418e8

                                                                                SHA256

                                                                                c8ffe1630f118c22f8a309ac0bb0b99da8c02fb44a468fe5015ba8535dc79fd6

                                                                                SHA512

                                                                                fb42def541f448361dff2dddb537702eb3274c1827e36a1b92567ca055f5d21bc7131acdfc63d1dccf3e6774ce6ea44fb4bcb309a745564f9a19cae14b2cc35c

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                b73e8c09eaf9463f034644b2e38fbbca

                                                                                SHA1

                                                                                d45498a665d29255ca3ce7d9dfd0b0d8ef36f23d

                                                                                SHA256

                                                                                b043ceda49ae6fb6e2d92062a1aed4cc4427c66f3c6475527733b61a7db920fa

                                                                                SHA512

                                                                                43b8616af751d530e375fd08ebd91251417b770af2404d54206e8c4f1879af8cf19b11438e6e4a229684c803315e9bec7b6d56ad52a101f5a007f353604a41ed

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582bbe.TMP
                                                                                Filesize

                                                                                534B

                                                                                MD5

                                                                                49c6051268bd8aac5fddacfceeaaf7b5

                                                                                SHA1

                                                                                63beeb004812d6686824968abc5e8929208f499f

                                                                                SHA256

                                                                                ac6675f791eaf755482cb5485b970e56271d419f2f939a294b3baf0082c3ecf6

                                                                                SHA512

                                                                                b606dc44a852faccaf14dde2708cc1e61b686e05bb21f6ad83329a2dfd5cb81bde02880b0830548f87c5ecd1931d0eeebb49e4e11d11c0ac35566c014c59cf97

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bab9bec6-70b3-4628-94be-7303fe2fba3a.tmp
                                                                                Filesize

                                                                                24KB

                                                                                MD5

                                                                                371edf34cc4edfe5fc16d906571e1a49

                                                                                SHA1

                                                                                2b0f160569aff513f7ac25a16adf02758cca07fc

                                                                                SHA256

                                                                                ee07b7e150c132312f076f2fe4c58445fcf86aea9eda0468b6ee040b5f690d35

                                                                                SHA512

                                                                                9598bca019b2acf65bc0511062e8edf53e00b3801d7a9b49f9c6b7209bcf7ff782ec215716955d5f378f952d77435bccf210384909f28bffa83fa9ac8589cdb7

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c7b6f531-7746-4a4e-aac5-1182154f1d62.tmp
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                f06e96ab70f87192ed139b4fc46de95f

                                                                                SHA1

                                                                                32cf09460cf91463998a6f3525bb9846df195c46

                                                                                SHA256

                                                                                003c03a176b6028f3c113911d225733e3b69e8d84ffc5ce6b74e10e738a14c0b

                                                                                SHA512

                                                                                6583b944d0e3bdc35155bb6110e95b5af988a6249be56ab70cd19173d92e09b7ac876bdb5abcbfa5f7a408dc97de05dc165e92958b5c5fd8a8d52fb3a23680d5

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d2c03e99-fead-4961-a189-e2efd034f214.tmp
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                e97d85503d1c2dd4e1c999f7740c6966

                                                                                SHA1

                                                                                3e31f48262d9d7aa0f7cd5b0d4aeca5d9eed3ea6

                                                                                SHA256

                                                                                44277b84a7f4083624ef36a23f738474e2b6d5d555b2c5965695467d4b0ef23b

                                                                                SHA512

                                                                                9566825b106ed7c2c5d27a80f94c6234a4fd053197fe972bbab61f0ca49173d85a4e4f418b0e2a1f420be99850681f304697412f17fdd2d50f2c53dc5c9d1f1b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                Filesize

                                                                                16B

                                                                                MD5

                                                                                206702161f94c5cd39fadd03f4014d98

                                                                                SHA1

                                                                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                SHA256

                                                                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                SHA512

                                                                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2
                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                0962291d6d367570bee5454721c17e11

                                                                                SHA1

                                                                                59d10a893ef321a706a9255176761366115bedcb

                                                                                SHA256

                                                                                ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                SHA512

                                                                                f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                6232b4e5925bb83802d7d5578ea4a071

                                                                                SHA1

                                                                                aa537a9178ca1efef6c202ae7b7d6054ff470963

                                                                                SHA256

                                                                                de79f002a47f3daddf0d4fb8f6fcad63018acc7a1691a57424033ff61d568bb3

                                                                                SHA512

                                                                                6bd80f90e24b4461e4e5f6b420d788c6ca333e59f53ba492fd224766260b5cb4a9f7f52f8db1348f4dd4cac46166a6134d95b042be68deef7d8af2b6746292a8

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                b1c83e4a13533d92000703a5725369e4

                                                                                SHA1

                                                                                bc33cc0d9ce1a1734eefb945457b33e604ece2a6

                                                                                SHA256

                                                                                a9d6bf31ab567372b97a0aa3cf64db62ec7882f1649625f10127f1aa7ba95e9b

                                                                                SHA512

                                                                                807b6859e0d9e0e52213580049baab5b818dfbf36a050b4ecffb334ab2f291ee55022b3c08c643f9b1e8ae4c5413d9c10373d7b05723ff19f794121e78c21750

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                ea58771d631a2898a249bf7d88641a6b

                                                                                SHA1

                                                                                bc24f7bfe2b2c316c494d6614ff3042e2a0920a2

                                                                                SHA256

                                                                                25279ebaed223357bba7bdf4d2adf9f267b8002170107b74c39d9db8c553ddba

                                                                                SHA512

                                                                                2218f1b707e310ac62840c9d9c232385745f7ad3c0b5b595adc6267eeddeddff38f05ac55cb85f02fe284cea0edeb8ed0bed4f30e468efbd557f6c2da3808faf

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                57cf792b0fddd1d969ab12d3bc01c257

                                                                                SHA1

                                                                                10d9b4e7b004090ee9b555c1fdfc32f39904003e

                                                                                SHA256

                                                                                61a8f8ab159e3966b5511469c0c0a74108cc911fddbb75ea61e94b6847ad706b

                                                                                SHA512

                                                                                cf6a653666dcfe9f161a939c2ba324b95e1aa0046b16e4470a14758fea7bdfb553e1cf8ea1cbd8dc751c288b9792174edc8302c01bdc7c05542837b16b962ef8

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                51d171c863b2cf17b4dc5287237be17b

                                                                                SHA1

                                                                                15abf89dfba2a38a95cf5310888b483e3eb44fe4

                                                                                SHA256

                                                                                5ed867c6d72a958cbc09324c7198e2baac2e53aa5115b445eb3cbad58fd61c27

                                                                                SHA512

                                                                                d3eb6440d599f40d1217a1b72b25fe8b07a3baf6a9f371f2ea5ca6d9020d65f51538798c4ffc0e2aa835f44a267cf41f7ea7518bd837da7f9ffba62f91773c5e

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                9d814b906035de7863bf94c6050f5896

                                                                                SHA1

                                                                                b243dc1b34d2519c46060c18ceced7bb6927186f

                                                                                SHA256

                                                                                15736257f142839884291414a058e9613b8225d11d35f70580de438b78b201cf

                                                                                SHA512

                                                                                c27c0716be716296145b7d9601656abe06e7dc36e6479ec7f76408fc2fcf0cb125cdf9d6dc2dd48973b31bd4c2d0b91da0926c0e1b87c87fa59ec157bd45c2bc

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                Filesize

                                                                                264KB

                                                                                MD5

                                                                                c6cd4a6d4ba6f778160a48a33a793810

                                                                                SHA1

                                                                                68c9228a87f8d8cd8406832a31aa2049ba8aa08f

                                                                                SHA256

                                                                                a7254c1654e28fbeadf8206f540d7b0c6ba348d576c41658d7a688f4df7d03ae

                                                                                SHA512

                                                                                2d5e5a02e2e230ad762bdb35112c465ccb9f210a9a947ff686f718921137755096a6c27eb7207f0b9250b874d7ee45d815b89b67b29aecb5c68145b0d6e2105b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                Filesize

                                                                                3KB

                                                                                MD5

                                                                                9cd6cad9b07d31bc06880c3f0be169e5

                                                                                SHA1

                                                                                77eb50c73d38d06c5119c5f31c6e3df4767a4913

                                                                                SHA256

                                                                                e81ccf8385851bfa5979bc4bcccf346bade17f238c0369353bce27231f2bf133

                                                                                SHA512

                                                                                f6254f6d195cd78d8f0c18cb80c6f56146e9670120e343dc92133a59ce3128f4f8fbe6b00524fb9fc8f358f960889d4b7c03a9e353281e5e6073f658d4fef8fc

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                Filesize

                                                                                3KB

                                                                                MD5

                                                                                9aff197fb8b19b6145f5e366fbb741b9

                                                                                SHA1

                                                                                dcfbd45e23112ce86508fff19207e246002c59dc

                                                                                SHA256

                                                                                67a3a131ae55f943a7a9a776de74b467f11a18b63790479ae66ea3ba31f547c9

                                                                                SHA512

                                                                                bebc9f27c8ff0aa168d12dca7c95b08fdb7383e7c4fd510a637485977b52b369e9b9c286211be8a5239d5ef5f73b75ab412c5af4b17363f0224294873b0b8a17

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
                                                                                Filesize

                                                                                13.6MB

                                                                                MD5

                                                                                167fa1e5d2440b232381a2784b9ec6f5

                                                                                SHA1

                                                                                043ed70514059acf7cee8810f210c6d24f9be699

                                                                                SHA256

                                                                                2aca5e6d34e83c5133ffb247d0c803f81fd2c475248723e2f645ceda7a427264

                                                                                SHA512

                                                                                9ff8a93444acc5dc0b2bfe1f5e1371d87f847a8be10c80da3d93a15ee41d143135dbb6cb63d39a06b45e0e6ecf36e16165b31131b3abfd7d7869a6d5907291f8

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\@[email protected]
                                                                                Filesize

                                                                                933B

                                                                                MD5

                                                                                f97d2e6f8d820dbd3b66f21137de4f09

                                                                                SHA1

                                                                                596799b75b5d60aa9cd45646f68e9c0bd06df252

                                                                                SHA256

                                                                                0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

                                                                                SHA512

                                                                                efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 393202.crdownload
                                                                                Filesize

                                                                                3.4MB

                                                                                MD5

                                                                                84c82835a5d21bbcf75a61706d8ab549

                                                                                SHA1

                                                                                5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

                                                                                SHA256

                                                                                ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

                                                                                SHA512

                                                                                90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 394089.crdownload
                                                                                Filesize

                                                                                4KB

                                                                                MD5

                                                                                93ceffafe7bb69ec3f9b4a90908ece46

                                                                                SHA1

                                                                                14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

                                                                                SHA256

                                                                                b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

                                                                                SHA512

                                                                                c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\b.wnry
                                                                                Filesize

                                                                                1.4MB

                                                                                MD5

                                                                                c17170262312f3be7027bc2ca825bf0c

                                                                                SHA1

                                                                                f19eceda82973239a1fdc5826bce7691e5dcb4fb

                                                                                SHA256

                                                                                d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

                                                                                SHA512

                                                                                c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\c.wnry
                                                                                Filesize

                                                                                780B

                                                                                MD5

                                                                                383a85eab6ecda319bfddd82416fc6c2

                                                                                SHA1

                                                                                2a9324e1d02c3e41582bf5370043d8afeb02ba6f

                                                                                SHA256

                                                                                079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

                                                                                SHA512

                                                                                c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_bulgarian.wnry
                                                                                Filesize

                                                                                46KB

                                                                                MD5

                                                                                95673b0f968c0f55b32204361940d184

                                                                                SHA1

                                                                                81e427d15a1a826b93e91c3d2fa65221c8ca9cff

                                                                                SHA256

                                                                                40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

                                                                                SHA512

                                                                                7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry
                                                                                Filesize

                                                                                53KB

                                                                                MD5

                                                                                0252d45ca21c8e43c9742285c48e91ad

                                                                                SHA1

                                                                                5c14551d2736eef3a1c1970cc492206e531703c1

                                                                                SHA256

                                                                                845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

                                                                                SHA512

                                                                                1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry
                                                                                Filesize

                                                                                77KB

                                                                                MD5

                                                                                2efc3690d67cd073a9406a25005f7cea

                                                                                SHA1

                                                                                52c07f98870eabace6ec370b7eb562751e8067e9

                                                                                SHA256

                                                                                5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

                                                                                SHA512

                                                                                0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_croatian.wnry
                                                                                Filesize

                                                                                38KB

                                                                                MD5

                                                                                17194003fa70ce477326ce2f6deeb270

                                                                                SHA1

                                                                                e325988f68d327743926ea317abb9882f347fa73

                                                                                SHA256

                                                                                3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

                                                                                SHA512

                                                                                dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_czech.wnry
                                                                                Filesize

                                                                                39KB

                                                                                MD5

                                                                                537efeecdfa94cc421e58fd82a58ba9e

                                                                                SHA1

                                                                                3609456e16bc16ba447979f3aa69221290ec17d0

                                                                                SHA256

                                                                                5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

                                                                                SHA512

                                                                                e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_danish.wnry
                                                                                Filesize

                                                                                36KB

                                                                                MD5

                                                                                2c5a3b81d5c4715b7bea01033367fcb5

                                                                                SHA1

                                                                                b548b45da8463e17199daafd34c23591f94e82cd

                                                                                SHA256

                                                                                a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

                                                                                SHA512

                                                                                490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_dutch.wnry
                                                                                Filesize

                                                                                36KB

                                                                                MD5

                                                                                7a8d499407c6a647c03c4471a67eaad7

                                                                                SHA1

                                                                                d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

                                                                                SHA256

                                                                                2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

                                                                                SHA512

                                                                                608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_english.wnry
                                                                                Filesize

                                                                                36KB

                                                                                MD5

                                                                                fe68c2dc0d2419b38f44d83f2fcf232e

                                                                                SHA1

                                                                                6c6e49949957215aa2f3dfb72207d249adf36283

                                                                                SHA256

                                                                                26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

                                                                                SHA512

                                                                                941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_filipino.wnry
                                                                                Filesize

                                                                                36KB

                                                                                MD5

                                                                                08b9e69b57e4c9b966664f8e1c27ab09

                                                                                SHA1

                                                                                2da1025bbbfb3cd308070765fc0893a48e5a85fa

                                                                                SHA256

                                                                                d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

                                                                                SHA512

                                                                                966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_finnish.wnry
                                                                                Filesize

                                                                                37KB

                                                                                MD5

                                                                                35c2f97eea8819b1caebd23fee732d8f

                                                                                SHA1

                                                                                e354d1cc43d6a39d9732adea5d3b0f57284255d2

                                                                                SHA256

                                                                                1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

                                                                                SHA512

                                                                                908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_french.wnry
                                                                                Filesize

                                                                                37KB

                                                                                MD5

                                                                                4e57113a6bf6b88fdd32782a4a381274

                                                                                SHA1

                                                                                0fccbc91f0f94453d91670c6794f71348711061d

                                                                                SHA256

                                                                                9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

                                                                                SHA512

                                                                                4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_german.wnry
                                                                                Filesize

                                                                                36KB

                                                                                MD5

                                                                                3d59bbb5553fe03a89f817819540f469

                                                                                SHA1

                                                                                26781d4b06ff704800b463d0f1fca3afd923a9fe

                                                                                SHA256

                                                                                2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

                                                                                SHA512

                                                                                95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_greek.wnry
                                                                                Filesize

                                                                                47KB

                                                                                MD5

                                                                                fb4e8718fea95bb7479727fde80cb424

                                                                                SHA1

                                                                                1088c7653cba385fe994e9ae34a6595898f20aeb

                                                                                SHA256

                                                                                e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

                                                                                SHA512

                                                                                24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_indonesian.wnry
                                                                                Filesize

                                                                                36KB

                                                                                MD5

                                                                                3788f91c694dfc48e12417ce93356b0f

                                                                                SHA1

                                                                                eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

                                                                                SHA256

                                                                                23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

                                                                                SHA512

                                                                                b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_italian.wnry
                                                                                Filesize

                                                                                36KB

                                                                                MD5

                                                                                30a200f78498990095b36f574b6e8690

                                                                                SHA1

                                                                                c4b1b3c087bd12b063e98bca464cd05f3f7b7882

                                                                                SHA256

                                                                                49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

                                                                                SHA512

                                                                                c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_japanese.wnry
                                                                                Filesize

                                                                                79KB

                                                                                MD5

                                                                                b77e1221f7ecd0b5d696cb66cda1609e

                                                                                SHA1

                                                                                51eb7a254a33d05edf188ded653005dc82de8a46

                                                                                SHA256

                                                                                7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

                                                                                SHA512

                                                                                f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_korean.wnry
                                                                                Filesize

                                                                                89KB

                                                                                MD5

                                                                                6735cb43fe44832b061eeb3f5956b099

                                                                                SHA1

                                                                                d636daf64d524f81367ea92fdafa3726c909bee1

                                                                                SHA256

                                                                                552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

                                                                                SHA512

                                                                                60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_latvian.wnry
                                                                                Filesize

                                                                                40KB

                                                                                MD5

                                                                                c33afb4ecc04ee1bcc6975bea49abe40

                                                                                SHA1

                                                                                fbea4f170507cde02b839527ef50b7ec74b4821f

                                                                                SHA256

                                                                                a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

                                                                                SHA512

                                                                                0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_norwegian.wnry
                                                                                Filesize

                                                                                36KB

                                                                                MD5

                                                                                ff70cc7c00951084175d12128ce02399

                                                                                SHA1

                                                                                75ad3b1ad4fb14813882d88e952208c648f1fd18

                                                                                SHA256

                                                                                cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

                                                                                SHA512

                                                                                f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_polish.wnry
                                                                                Filesize

                                                                                38KB

                                                                                MD5

                                                                                e79d7f2833a9c2e2553c7fe04a1b63f4

                                                                                SHA1

                                                                                3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

                                                                                SHA256

                                                                                519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

                                                                                SHA512

                                                                                e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_portuguese.wnry
                                                                                Filesize

                                                                                37KB

                                                                                MD5

                                                                                fa948f7d8dfb21ceddd6794f2d56b44f

                                                                                SHA1

                                                                                ca915fbe020caa88dd776d89632d7866f660fc7a

                                                                                SHA256

                                                                                bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

                                                                                SHA512

                                                                                0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_romanian.wnry
                                                                                Filesize

                                                                                50KB

                                                                                MD5

                                                                                313e0ececd24f4fa1504118a11bc7986

                                                                                SHA1

                                                                                e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

                                                                                SHA256

                                                                                70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

                                                                                SHA512

                                                                                c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_russian.wnry
                                                                                Filesize

                                                                                46KB

                                                                                MD5

                                                                                452615db2336d60af7e2057481e4cab5

                                                                                SHA1

                                                                                442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

                                                                                SHA256

                                                                                02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

                                                                                SHA512

                                                                                7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\msg\m_slovak.wnry
                                                                                Filesize

                                                                                40KB

                                                                                MD5

                                                                                c911aba4ab1da6c28cf86338ab2ab6cc

                                                                                SHA1

                                                                                fee0fd58b8efe76077620d8abc7500dbfef7c5b0

                                                                                SHA256

                                                                                e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

                                                                                SHA512

                                                                                3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

                                                                                Download Submit

                                                                              • C:\Windows\Panther\UnattendGC\diagerr.xml
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                4f157b5055b21ae34028756156c332f4

                                                                                SHA1

                                                                                d9c1427ea79fcfb6187b32f206ff796c539e6f67

                                                                                SHA256

                                                                                35d66d80352ea77ddab275e0656bb5870bed7b7d60db2e6dc6d7626f63eceb7d

                                                                                SHA512

                                                                                5afd347c51f1176b9d2b7e98d2748e14a1c52751c1734e5b2c753a45c9b1e0f032aa0f4277cdb02712e29cf47b4d01a95d3677e854d936391f82ea13c362d71b

                                                                                Download Submit

                                                                              • C:\Windows\Panther\UnattendGC\diagwrn.xml
                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                0fa7cd5b82f8648a9e0b54fd57ef6d04

                                                                                SHA1

                                                                                91b622f2291150c2a86d2c14e678874c428f5f93

                                                                                SHA256

                                                                                4372e349b0b8f3e6e9eb4a874ce7c88956ff69b8dc5cc15b02680621491ab0bc

                                                                                SHA512

                                                                                e01af48ce2faec0eb1ea62bb112dec0726ca2bd291defba7f61c2a4dca9f743ef2ec3e483518405004c1c0597893e0d6e540f5ea535df6bb89043eb84613fab3

                                                                                Download Submit

                                                                              • memory/3716-771-0x00000271429C0000-0x0000027142AC0000-memory.dmp

                                                                                Filesize

                                                                                1024KB

                                                                                Download

                                                                              • memory/3716-664-0x00000271312C0000-0x00000271312E0000-memory.dmp

                                                                                Filesize

                                                                                128KB

                                                                                Download

                                                                              • memory/3716-690-0x00000271419A0000-0x00000271419C0000-memory.dmp

                                                                                Filesize

                                                                                128KB

                                                                                Download

                                                                              • memory/3716-763-0x00000271428A0000-0x00000271429A0000-memory.dmp

                                                                                Filesize

                                                                                1024KB

                                                                                Download

                                                                              • memory/4256-1862-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/5724-3104-0x0000000073BD0000-0x0000000073BEC000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/5724-3260-0x0000000000D70000-0x000000000106E000-memory.dmp

                                                                                Filesize

                                                                                3.0MB

                                                                                Download

                                                                              • memory/5724-3101-0x0000000073EA0000-0x0000000073EC2000-memory.dmp

                                                                                Filesize

                                                                                136KB

                                                                                Download

                                                                              • memory/5724-3100-0x0000000073ED0000-0x0000000073F52000-memory.dmp

                                                                                Filesize

                                                                                520KB

                                                                                Download

                                                                              • memory/5724-3099-0x0000000000D70000-0x000000000106E000-memory.dmp

                                                                                Filesize

                                                                                3.0MB

                                                                                Download

                                                                              • memory/5724-3103-0x0000000073BF0000-0x0000000073E0C000-memory.dmp

                                                                                Filesize

                                                                                2.1MB

                                                                                Download

                                                                              • memory/5724-3105-0x0000000073B50000-0x0000000073BC7000-memory.dmp

                                                                                Filesize

                                                                                476KB

                                                                                Download

                                                                              • memory/5724-3083-0x0000000073EA0000-0x0000000073EC2000-memory.dmp

                                                                                Filesize

                                                                                136KB

                                                                                Download

                                                                              • memory/5724-3081-0x0000000073BF0000-0x0000000073E0C000-memory.dmp

                                                                                Filesize

                                                                                2.1MB

                                                                                Download

                                                                              • memory/5724-3082-0x0000000073E10000-0x0000000073E92000-memory.dmp

                                                                                Filesize

                                                                                520KB

                                                                                Download

                                                                              • memory/5724-3084-0x0000000000D70000-0x000000000106E000-memory.dmp

                                                                                Filesize

                                                                                3.0MB

                                                                                Download

                                                                              • memory/5724-3102-0x0000000073E10000-0x0000000073E92000-memory.dmp

                                                                                Filesize

                                                                                520KB

                                                                                Download

                                                                              • memory/5724-3264-0x0000000073BF0000-0x0000000073E0C000-memory.dmp

                                                                                Filesize

                                                                                2.1MB

                                                                                Download

                                                                              • memory/5724-3281-0x0000000073BF0000-0x0000000073E0C000-memory.dmp

                                                                                Filesize

                                                                                2.1MB

                                                                                Download

                                                                              • memory/5724-3277-0x0000000000D70000-0x000000000106E000-memory.dmp

                                                                                Filesize

                                                                                3.0MB

                                                                                Download

                                                                              • memory/5724-3080-0x0000000073ED0000-0x0000000073F52000-memory.dmp

                                                                                Filesize

                                                                                520KB

                                                                                Download

                                                                              • memory/5724-3301-0x0000000000D70000-0x000000000106E000-memory.dmp

                                                                                Filesize

                                                                                3.0MB

                                                                                Download

                                                                              • memory/5724-3305-0x0000000073BF0000-0x0000000073E0C000-memory.dmp

                                                                                Filesize

                                                                                2.1MB

                                                                                Download

                                                                              • memory/5724-3351-0x0000000000D70000-0x000000000106E000-memory.dmp

                                                                                Filesize

                                                                                3.0MB

                                                                                Download

                                                                              • memory/5724-3363-0x0000000000D70000-0x000000000106E000-memory.dmp

                                                                                Filesize

                                                                                3.0MB

                                                                                Download

                                                                              • memory/5724-3371-0x0000000000D70000-0x000000000106E000-memory.dmp

                                                                                Filesize

                                                                                3.0MB

                                                                                Download