infinitylock | 8a182c91b613832925c83133269614f40ec21cfc18507490975fd319bb9b14af

Analysis

max time kernel
819s
max time network
816s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-01-2025 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2025-01-20 195214.png
Size

271KB
MD5

be19a238b7bcf731003a2c8dfb9bf0dd
SHA1

06c7524df8fbee930944a84e80c577f38a0a2bff
SHA256

8a182c91b613832925c83133269614f40ec21cfc18507490975fd319bb9b14af
SHA512

52c3d76df20509fa97b164511f53f4a95737efc4ef9d535cfe0aef69661e5232c309adba98711b8dfbc7aaf8f9d88e68b5c60e1008fa488bb127a6827807eb0e
SSDEEP

6144:P3boCUVUbECmvmmmmTymQkhszzx0NCqGPFazEgo1MdFbEyYgs:P3b2CmvmmmmumFoqkTYdFpYb

Score

10^/10

infinitylock wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD269A.tmp	WannaCry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD26A1.tmp	WannaCry.exe

Executes dropped EXE 8 IoCs

pid	Process
4804	InfinityCrypt.exe
976	InfinityCrypt.exe
1940	WannaCry.exe
4824	!WannaDecryptor!.exe
4680	!WannaDecryptor!.exe
3972	!WannaDecryptor!.exe
660	!WannaDecryptor!.exe
3512	!WannaDecryptor!.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r"	WannaCry.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
36	camo.githubusercontent.com
36	raw.githubusercontent.com
37	camo.githubusercontent.com
51	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp"	!WannaDecryptor!.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_ur.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\VisualElements\SmallLogoBeta.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DVA.api.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\circle_2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hr-hr\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses_selected.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\da-dk\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv58.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\de-de\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\msedgewebview2.exe.sig.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\rhp_world_icon_hover_2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\A12_Roundrect_White@1x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_tw_135x40.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_zh_tw_135x40.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\he.pak.DATA.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\tt.pak.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\zh-CN.pak.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\km.pak.DATA.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Close.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_comment_18.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-il\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\de-de\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\devtools\pt-BR.pak.DATA.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner2x.gif.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\selection-actions2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\eu-es\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\zh-TW.pak.DATA.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sendforcomments_18.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedge_elf.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_sw.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\EBWebView\x86\EmbeddedBrowserWebView.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\WidevineCdm\manifest.json.DATA.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reminders_18.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\sendforsignature.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_radio_selected_18.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_ca.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Installer\msedge_7z.data.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\internal.identity_helper.exe.manifest.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\spectrum_spinner_process.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sv-se\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\plugin.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\createpdfupsell-app-tool-view.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\faf_icons.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\ko.pak.DATA.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\AddressBook.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\editpdf-selector.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\plugin.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\eula.ini.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\logo_retina.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluEmptyStateDCFiles_280x192.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B	InfinityCrypt.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 4 IoCs

defense_evasion

pid	Process
972	taskkill.exe
3700	taskkill.exe
3020	taskkill.exe
1052	taskkill.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 147174.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 75762.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 93113.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
500	msedge.exe
500	msedge.exe
4572	msedge.exe
4572	msedge.exe
1516	identity_helper.exe
1516	identity_helper.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
3424	msedge.exe
3424	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1940	WannaCry.exe

Suspicious use of AdjustPrivilegeToken 51 IoCs

description	pid	Process
Token: SeDebugPrivilege	4804	InfinityCrypt.exe
Token: SeDebugPrivilege	976	InfinityCrypt.exe
Token: SeDebugPrivilege	3020	taskkill.exe
Token: SeDebugPrivilege	972	taskkill.exe
Token: SeDebugPrivilege	3700	taskkill.exe
Token: SeDebugPrivilege	1052	taskkill.exe
Token: SeIncreaseQuotaPrivilege	2836	WMIC.exe
Token: SeSecurityPrivilege	2836	WMIC.exe
Token: SeTakeOwnershipPrivilege	2836	WMIC.exe
Token: SeLoadDriverPrivilege	2836	WMIC.exe
Token: SeSystemProfilePrivilege	2836	WMIC.exe
Token: SeSystemtimePrivilege	2836	WMIC.exe
Token: SeProfSingleProcessPrivilege	2836	WMIC.exe
Token: SeIncBasePriorityPrivilege	2836	WMIC.exe
Token: SeCreatePagefilePrivilege	2836	WMIC.exe
Token: SeBackupPrivilege	2836	WMIC.exe
Token: SeRestorePrivilege	2836	WMIC.exe
Token: SeShutdownPrivilege	2836	WMIC.exe
Token: SeDebugPrivilege	2836	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2836	WMIC.exe
Token: SeRemoteShutdownPrivilege	2836	WMIC.exe
Token: SeUndockPrivilege	2836	WMIC.exe
Token: SeManageVolumePrivilege	2836	WMIC.exe
Token: 33	2836	WMIC.exe
Token: 34	2836	WMIC.exe
Token: 35	2836	WMIC.exe
Token: 36	2836	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2836	WMIC.exe
Token: SeSecurityPrivilege	2836	WMIC.exe
Token: SeTakeOwnershipPrivilege	2836	WMIC.exe
Token: SeLoadDriverPrivilege	2836	WMIC.exe
Token: SeSystemProfilePrivilege	2836	WMIC.exe
Token: SeSystemtimePrivilege	2836	WMIC.exe
Token: SeProfSingleProcessPrivilege	2836	WMIC.exe
Token: SeIncBasePriorityPrivilege	2836	WMIC.exe
Token: SeCreatePagefilePrivilege	2836	WMIC.exe
Token: SeBackupPrivilege	2836	WMIC.exe
Token: SeRestorePrivilege	2836	WMIC.exe
Token: SeShutdownPrivilege	2836	WMIC.exe
Token: SeDebugPrivilege	2836	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2836	WMIC.exe
Token: SeRemoteShutdownPrivilege	2836	WMIC.exe
Token: SeUndockPrivilege	2836	WMIC.exe
Token: SeManageVolumePrivilege	2836	WMIC.exe
Token: 33	2836	WMIC.exe
Token: 34	2836	WMIC.exe
Token: 35	2836	WMIC.exe
Token: 36	2836	WMIC.exe
Token: SeBackupPrivilege	784	vssvc.exe
Token: SeRestorePrivilege	784	vssvc.exe
Token: SeAuditPrivilege	784	vssvc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4824	!WannaDecryptor!.exe
4824	!WannaDecryptor!.exe
4680	!WannaDecryptor!.exe
4680	!WannaDecryptor!.exe
3972	!WannaDecryptor!.exe
3972	!WannaDecryptor!.exe
660	!WannaDecryptor!.exe
660	!WannaDecryptor!.exe
3512	!WannaDecryptor!.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 1784	4148	msedge.exe	81
PID 4148 wrote to memory of 1784	4148	msedge.exe	81
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 3976	4148	msedge.exe	82
PID 4148 wrote to memory of 500	4148	msedge.exe	83
PID 4148 wrote to memory of 500	4148	msedge.exe	83
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84
PID 4148 wrote to memory of 2260	4148	msedge.exe	84

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2025-01-20 195214.png"
1⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff95883cb8,0x7fff95883cc8,0x7fff95883cd8
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3424
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:4272
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Users\Admin\Downloads\WannaCry.exe
  "C:\Users\Admin\Downloads\WannaCry.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: RenamesItself
  PID:1940
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 159291737400862.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3488
  - - C:\Windows\SysWOW64\cscript.exe
      cscript //nologo c.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:4896
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe f
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4824
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im MSExchange*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:972
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Microsoft.Exchange.*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlserver.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1052
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlwriter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3020
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe c
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4680
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b !WannaDecryptor!.exe v
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4508
  - - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
      !WannaDecryptor!.exe v
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2836
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://en.wikipedia.org/wiki/Bitcoin
      4⤵
      PID:2368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff95883cb8,0x7fff95883cc8,0x7fff95883cd8
        5⤵
        
        PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9532126937906411552,6832132633674230018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:784

C:\Users\Admin\Downloads\!WannaDecryptor!.exe
"C:\Users\Admin\Downloads\!WannaDecryptor!.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
16B

MD5
5833ac28d6bfb8dc6f9f0c8dc1f02198

SHA1
d2b1bc4b2b63868f8ddbf31cd3207f99bfec5b18

SHA256
adcfd28be9cd17e705241e17127d3d2fba69059ea6f855a5049ecc80788de0d8

SHA512
a132aca44438432e4373200f4e41d36c793e6d8c7a1216dd21f4f476c9834efe3df3218d4f1803c63531fd5017d21704053941c2de406fd2dbdf7b1585464915

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
720B

MD5
436bab3201759e68f6ea009485edd246

SHA1
bb929db96d885a7eae1edee9c52a307b073b0bde

SHA256
7fe5df0cb1258e7011664ee2d0004e792c48c5efc5eb659ff955fd7f5297f519

SHA512
f63b938b56afa89cfd6d0836ee2d43b347178a69cb5eaab1be8ac0fa2aba5f8f9d15f2c348275610e238cd84e7d06e2bd9cc38ef1d889e1f2e54eb87580d00d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
688B

MD5
7caaef8884313b3701a257b1526fff3a

SHA1
9a428313560b0879c57ee836a78eca06b2f93617

SHA256
a4438bf356ad08fa79a60892591c48fc2c38b902172677695d3b4d654eeee87a

SHA512
f2e83966428a419e47e7edbb26db2d340f608c4677af068d55c21f86097bbab5b903631d16b1021b1a74364be8043622d6e5f342a194d7bd87d22e8910d9f2d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
1KB

MD5
8ecf2eae7b79871c2454c41b1d284993

SHA1
7601dbb934292000c40f4e2b0800fd5d92daa631

SHA256
73862356285d92007b2750362e3cea57ef6301a4188eafcb550871ae950dc5ea

SHA512
7475971ac4d91d28c9ec2122e7e52c6e1805165b412c4a9e52925810ee6db15ac7c289774be3c1abfbd610583914f456d8b47c145fd7f8eb2bee2baa496d59a0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
448B

MD5
361b83cbe8590119f3b6eb758edaaab7

SHA1
61717bcfdf5a678659fc9f687eae70fa4f98e86d

SHA256
75704ccde586a2480939eb58eb08295ff30d966c24673d417c60be181d18b7dd

SHA512
7aa68e5df3bd1cd802e9f5e8fa2ba2ef0dc679086df55423d17c494ce463f9b3aa8caf00027f37d863280ab00beaba5bf777991361b0d91e02d5391dd0b14a65

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
624B

MD5
851a1d13ffa856f1b3f505f3f5f5e3a9

SHA1
69c4cf5f1a58c27ecafe793e5b1ade5ddb1550db

SHA256
f6b57ffa8ab0707e349cca18a12cbe6a0785e51221ec43646fa983f33460ba2b

SHA512
6986f9ac144489bc5c46da5c70ba82c70a16e434c28f6e6be8cfe76f333ed160bc23667b1bdb472ec0ea3b4f82a878ab0b7128858b7cd6b59930a4879f217692

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
400B

MD5
0b72b84523fb950ed166624326b9ec80

SHA1
cc3f37756b90a463ce5af3dff0e358d91dad3e93

SHA256
7bbcafff3bd499fd68f72d19eea768bbeca48b860d6e7da6226391232a9082b8

SHA512
87020d036719f2fe931fef6e1c7afaa98bf6b2b964e8ab91bd0c1f871a74a03045cbf0ebd6e351274f1e91ba050c68bcb3f952d774e7530c6bcb6262b2604be2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
560B

MD5
1674880c3c9bc8315157d8286df8d9e4

SHA1
add42da64cec16aaa9705a053329ebd778f76f81

SHA256
e0ef17705a2b890973e4b5a2d27ca921e8fd5dd3e5f45fe1beea988a50fff449

SHA512
446111410a34980b7ef00d404ed1d25b0e24e9b37fe1f04aa375e5e1374342be42b1f65a6eee5dd352a86d7c82d931ce0de9ca126c8a8e4ed73cc33ff275f076

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
400B

MD5
bbc3904f6c9d0f44f025a590ceb58f0a

SHA1
6ad2e3e5acd23928059000911061f97a733f4d31

SHA256
d8865d74268c734e2c8304a82b442c5eea0052d006f9ffdedfbf02357e718efd

SHA512
9eb4fd02db07091308bf9ff8824e4075dd1476fd6f47ad25e468e50539dd0a7f44e4d4f9c8b4115ab7412ae37754c7d36b35a79316d4370f0ee7ede494ea3dd1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
560B

MD5
1f17bce6b849c12544811f8fc148418e

SHA1
2ad1c53fb22f0e91bdb8541937c8a06ed9fa6bd4

SHA256
d4a14f4b67e5f6c1fb44e1c133eb424f4c2c3b5f81911b21a13a06fbb29cd2b4

SHA512
42cfd1f7ccb2c3506e4f6e4434fb3813136051de981a1ff61d504d0940484dea0d279f4e7c6f5da559ece4b1aa27544d7461d6f2c4ddea4fc2da4fbb2f73f75d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
400B

MD5
290086e704cb5c8c1be50a9d17e4ccc1

SHA1
4ad49eba77378722cdaf61c679fd7d6379a16eee

SHA256
9e007ec44791d539be61795ddf4d5f5c6fc486ddb5b86c26d5accc3293843dc4

SHA512
0ec521f2dbf1b347661d4996d81d7a7c8a73c7f47bf4743b99966e4fc1e28edc4c8dcbcd791cee68eb25147a6210e8c2346d61b29bf718e02e4310a951d7e534

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
560B

MD5
bd448ab1b279b05faf2e62716751a722

SHA1
047c678559a947b52a2747974ad8e2108f631fdb

SHA256
d11ed0385eaa1c1a0c0a47d849cd9d0f433682d1ee8b6d963fd22fca050ecc2d

SHA512
9a7f7b0ab52a25b13c7029e89f57b8d873b0dd51e8e9767d49ac5e0d44f8aa8f1527022b5836957dcc323da8971b4a4f5005552dd227f1d578faea73df0e7e83

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
7KB

MD5
97d92084bf43024f84f1f5f0625c88cc

SHA1
4ca68059b0e980b44aad3e8284bc5d6ef38878e0

SHA256
9430ba47faa80b6861419fba902efe1d6701f6220c33bec2b944ccecc2b2f155

SHA512
b39e4dff69e9800811c7705249fbcbfaa454bff5da7eccbc7c636288c47fe33c3635d5f825925bfb4c3519abcd75f4f9b7a99c16ccd5ca3db4f48716ea4d5dad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
7KB

MD5
d68e475cf29d587d60868513c4aaecdc

SHA1
d12730b5ae1f66f8822f4008e3333bf39b6195db

SHA256
59fd701db8f533577fa10d66ba5059f5adb5db3ef33ba582460bab6198f45778

SHA512
f1c5d103f3fc96727288fd6d6f9fe35cbfe6b5fea6560da3ed54fcb52429f2103c19308b8576558046a95dbca40606d1c37c8741c22093acb470a8bf09800aca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
15KB

MD5
50fecea9ba70b3c9a44de99370f12903

SHA1
a483f10df862c21099c472d7d3cf06ded0eb6b9d

SHA256
d638c005c3b0f962f7fecd1991c9269d765f9dde7e2b46adde88a2a771e9d364

SHA512
0380cdf5cb48779d64ed20e65d1583452d08a96307c7d31d0e01e0cbfac9e596b700d5091f0dd211a68170eacc8781f496e23011c7e89b33fea9be74c72375e8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
8KB

MD5
784cdb3a2ce42a39ef5aec2d310e7142

SHA1
b8fd51b66f5764a64593a4c146ba2f5af3c31e13

SHA256
6284d4d43f080a12876b099c33268aadb86c6697b7f6c6950bcb41acadb7440d

SHA512
2fe5d88611d18a4f5cc8aca898da05545c77058cbc93e7f8d5a18964067727df415c440444c34eb5e3361517ef58b0a9e24ff6f4f8582c76fb2db11afc915773

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
17KB

MD5
5079b04cc1049da9f3e7c470336bc6cb

SHA1
81d2144b7b9022c99cabcf12c4b41e6aa4184325

SHA256
9876f1b54f50ad286fd3799c4838226e7123cb59d7f83fce19d034990bd154f0

SHA512
b32a50b336e68059f1d5031bba33cd53f439a21f9832e690fe30b708de2ac534b8bb6f3f219499dcddd29dfdde2d2eefa520a887484be56b7bfb91e813cd6ade

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
192B

MD5
a80896f2b0bbffc32ccae70ed506b674

SHA1
31646967cb5482921b39670d5a1497255df2a210

SHA256
7ddbfc8fd5b91ee3bbd908daa9fcf59442d242e31f82efe46266e5df9ed7d267

SHA512
9f78173e82c635406d24519b149cb8e5bdc45c73c897b1fa3979d9d2207dff61ea0b0fdb52949cce6bbcda39a3c9cd034b848bca3e075614641ca1d1ad8397d5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
704B

MD5
ea58b2031ad757c10803434d09f8022f

SHA1
717635f57f560d4b5316e033d6e194fb8cba1ead

SHA256
bc33d0c846de6da992a69b3dc7bcd9e35ea24ee7ba7b0dae737e800de70ac0cc

SHA512
ce809c3a2865809efb60adb6483caf7a94ad7c35e556082557a91e1e777ebd3134bac338bc53ce76ff140e098be728e5ceaf268e3f74612434aeb68ade0a7907

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
8KB

MD5
699466f03f924cdea16386549ae36e62

SHA1
b7bb014f3168dd7310ae09aba8ef64dc4aca3763

SHA256
2ff42cc09e78e4271870691fcf4c39f888e3099b5130676455a992332571d2ed

SHA512
fddfc9f580f62278af0312f66547b9e140498d1675b4caa29272f24623cea491cc9c8ab458bf1d1d4a30cc9762098cfc5c5dd31271fdb416576e47c3de90d1d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
19KB

MD5
71223d09aa40522cd8b58b5b709cb7f9

SHA1
6918e8cc877f735d56d81ba5fee2e7bff5849102

SHA256
25cec555233059a0111a1cdc7451d4f6c1ce92a17ecd5693f25fdd5e7b1e56f0

SHA512
e583a38a3af8d198da7c3d78103c356025170247e7dd2d3ce7ed57c2c1cc7c7107339e1bcbed59f87afbb96abe55d68314370fe427500bf932152df8400f2b01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
832B

MD5
981843a3bfc99b80b255aa275f488310

SHA1
8ed97e920646b5ebe65e790761dff4d2c0e56184

SHA256
912a4d06db915a7489d26d1aa836eeac055b422ee929e3969b75fbca78784ac6

SHA512
ce42d91e529a9c098358fa94de1a415a833d28ace32429839a6d8eab90c1f229624246d81d4329c68fc66153bc0a3e494a2b52f0d484b04a2da1e08fa7f2050a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
1KB

MD5
52c2286deacaaa698feb01e8982af133

SHA1
b7a36b0f3f3aadccdcd0677c4be7ef42c849318b

SHA256
b5daf5f6a30701b9bf09fd504af1cc7a4aa0c51aaf6d22db4e20a0430d033ab9

SHA512
34bd47abf9191664dc9c6632597f3c6eb4ea9573fe090dc11f8ecd0eaa30d43d0a91e81a2f624cca6b9a3759ed11463529cab7d3e6479abbfcb004bb62535eac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
1KB

MD5
169ad0f05c5668ee96c705c6573b48ea

SHA1
d06a40d78969dd231851b8bc6753e1df3ceded8a

SHA256
e1e0abaa24fd3e8ccfc9963b74c6b76b90be32aedc35412b718b9f64be75fdf2

SHA512
6ad090edc7e98e8d9ae9d993be8830208e0cc8d9e67ef004eec5d4214b1a2b1245768abcf4ad5b01bfb71a7a5ac5291c141efe11b932d8a95dc65ad84af786a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
816B

MD5
5607e26f41520ad5d52709e4c96450c5

SHA1
90524d9c93d80e54d0c6c8d828d463cf73c89ef6

SHA256
04932a99493501ce1685119da61c127aa1f9ef5de2b9ccaeb3b6af95ed762818

SHA512
63c445ef9db18f353d59b317373053c3063a373a748b441d40c8d5dbb3403022705a0344487fa8840ee79f6de2a4648b6f8ba64d161a46d37861dc4455e673d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
2KB

MD5
5bbd7020011cf3d79a0be25f800f1aa6

SHA1
e1383e9059014d9fb168b81e2c59ce39e99d3562

SHA256
498f5e15676311bf24ef153e6a040b23a1590aaad748ed7d9bfe05a82de273c0

SHA512
015502c753ae2391a9f8af411c813f4029c4320a72c8fd1ec18463352f95c3713b77f7aeadb61e6c6ee7dc605a3cfa8fa6ff3bca83f8e3a725b4ab6736eb8379

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
2KB

MD5
5ca04ace87edd28626d5323d07887b56

SHA1
c88702fafc8b13afdd38bff4fddd9143570c4025

SHA256
8ab8488aadda678cf063ff14dd7c3bc2b3384985531c92e44bb83a7fe6babe4f

SHA512
e86b723175b211f43621c996a8b33383729a8a2770c015e54574067d5afb6fb2c141353b80a720936f53b8a5e6dddc5722b3029bdb11f97f5c482144caf42a07

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
4KB

MD5
b8e565312e05ee006ae8f83fcc92bf7a

SHA1
ce6f857b1b168053d2d4223fc2bc27ab4f0585bd

SHA256
3b006b77ee59e88d0fd7a79649c19307ac1e8c5fb934e59917d62fa83e682a64

SHA512
47c40a1e537f4999cf2b10f4e4c012fe145c2d3442a9bcc2ba617889c0423169a4da79f07006455bdc4efb3d77a722aa0b73d32e17ba2846f7832a498e8cfd03

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
304B

MD5
b560511e11aa68ca295c2c494ddccbb9

SHA1
19ab5d18889e2a3f28c780f9a094f2bdc670eb93

SHA256
14a79421950afce196fc0ce3639d54429a12e5e2ea0b035a765f2c9af0e1478d

SHA512
9e4f144986b81bc85845a7992d94337289d711993f68a861e38c957853345aec258803421006e0ff926ed0fa4786ff0c82b7f5ef2d693aeac336ffcbfd9bff59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
400B

MD5
8eb8bb3e2124b5519d4df1a68f2a00f8

SHA1
3819b8970adbc2f1cb11db71b2929ebf5fd33862

SHA256
1fe8281475ae12d9f214bf71779220c7fc229f7f40a4cafc7fdd7d2769c9502c

SHA512
01a8ef710a4d315b308bb7b6f9923d3873186fe157294f57187c52e6855812daef69c32b671123f854a2134e481be8cce4596a1230992d92e55e4af345c6c933

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
1008B

MD5
09b3e38c422b1ebeac7ddea978ed222e

SHA1
8ba7e685e464cc6b3d98b3400daaac756ddbda71

SHA256
5fd46277e5a638cf4d6934495b312d46b0c6b2ebf8ff452c8aece8e571d1124b

SHA512
d3ce5acf5bcee004d6df988fa5267c045c8146a8a429d64b9901107ec6dc4b9a4fe3b7ff5157beb1ad7258b101e138fde6f820f55b4b65b17f756bf8cc9293c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
1KB

MD5
b59aee86103db9e5feb8e4b2130b7ce8

SHA1
791b400430c590b269bea2820886e373f1c30b2c

SHA256
006bf530d9bbb13b72740e5866bcaaee98e2dd3b2454f27c04f64afdea44d538

SHA512
c7e1d4f127e28fcad6215ef736fdf13f69b159d49f38e5b03ef123a19d85372ff80271db4dd0891a57348f3a4f9b39890444e7b8408233f5b9107379f16f7909

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
2KB

MD5
2f6c747eb0f0cd4f86f56aa01a14d39d

SHA1
257298ece1da628b70c0139fe7355546529762b9

SHA256
782babfa40cea8c7fd56bd65cd84ef27559dcffb3af8a6909f791ef0a24d554e

SHA512
ccd483f5a087aca730714d83b157a098073416dde5fcaf5c97196ca0c15f4dfca379e3af1ec9e9794d328e9887303895ceb04534bf61e7b78202e2e803108bb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
848B

MD5
1038b31e56dc2fdfcde1128b386440b1

SHA1
aaeebd1052c56a35fdb74d53eee818dd48338b89

SHA256
254bbecffe28ecd7713985859f0d92c61443306fc03ac333f1f9d7d56ca3b5f8

SHA512
02202bb610af0d763ce7fd7c952b2e34b4102abdde2231bd08ed7af2d74881951ce3234eb6d096cebb550f4c075a400792eeadd376d3cf59b1f4d7631afd80c1

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
32KB

MD5
c9c0dd5644dfb80ca386e0b61bae2759

SHA1
6209f2fe67843e448addef307b7e2a3f4625e0ed

SHA256
fcda359edecab2d4a651b5eae08b2a7a923486c08fd889a56223af91ac4db020

SHA512
76983060ea68ac7eeb7e0fda6f831123ae499e9de44ec0ce324e54818fb8e427e2d7c00e6aa1ed959fa81e1f9c791d624fbe0a082c8d25a8811e25968ae7809c

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
480KB

MD5
6042b3d6a3bca05ca4db01aad2ce24c9

SHA1
2c22c07856cdf6a815745de9f8993be2d0e82bc6

SHA256
fc01446b06d6d0b4d3fc2bf79d0b6066c37b201eba354e4433231d64a6911d94

SHA512
51c84bf86f2c05715175953b7ec090255b8297756ddef4e3bc4ea2261d53319778ecf5c988fab49180e509df3cddfeb3f3c04626ee3430b979316235d3be5e8a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
184KB

MD5
116d88b848d6f478f9a77f3f80ceeb7f

SHA1
79885e82f15e8ded97bd5c9a4767c40b56aa7c13

SHA256
e4c693f5e413662c3050da84c67091dd8ee12a393a3c7ae9f2033ba3a5a283b2

SHA512
e566cd6bbb5ebaef447a6dc8e5177bd670ed2a0821009cd8b8072391d54b12ca77d4b071fcdf7fb72a5e4f1aaf570ca0b12f0a7cc7f4257ef2f54f5f9e1fe2dd

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
802KB

MD5
aadd89bf453e40c2ec71430d1a2893f0

SHA1
4f1f2f5093abb18f351eb8de99780417435aa20d

SHA256
a3576173627968e229700f2ed4915bb529f8aa38ee937c77c67eab19fdcc97e0

SHA512
b14fe634883952b3192e549a5d8da6305f301046d0b0b01549ce2c1ffb9c7cf2cc87d73e392825821753d491793f07890cfad2ae26e64f99cc04f01e14f460de

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
288KB

MD5
35bb4093c3c9f07d55e1207bb1f36d11

SHA1
776f66d6ee9231cea3626767a26238c2765db51b

SHA256
5f645758cb2171187c382059707d3026f0a1fad128dc90f72b58ba737b3f51dc

SHA512
4b904341afc4e0bdfc50c0df7703f66d5a28246ae0d1d071f0ff4df76ffcac2c129b22b9b88a70fce9c72ccafa553ae23f3735eeaf092ffe500e078b9aebc02d

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
740KB

MD5
751dae7827050e68838d6004d56d4ace

SHA1
fb1db6dda8d740fad08c94adf33737370ccd102c

SHA256
55026993f82a55ca16bdfaf63a71decac97ad76778596c556b8550b0dedee551

SHA512
dd38b00714e082f3dfdee5b9fe46934805b4be14e4162a057784ce87e7238531b28b35751178ae93c5ac4ca0ad676422de18eb289a9d2673fb9a3fb50a24e71b

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
47KB

MD5
bc6bf21c55ed6a2fb99c1186133245a8

SHA1
db1d4f5205922997ac1079e15ba4e958d0957b18

SHA256
3ce9f192674363a41c9771212ac919eb5e1b8210284fc48dfb5198dd0d43d7c4

SHA512
930b2aafff1efae96b7090e26fe7fcc6be42960bdf4708fc1f4a824dd38f771407b37ece8dcd2eaf7a5ae8f4ff468847f1501e0db5b6c080b3da965045cdabf4

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Other.DATA.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
48B

MD5
9e78a295bac3632cbd012e3dab6370aa

SHA1
045c872422d3b9f28375d85294032183b1e025cc

SHA256
ba352eec3249045973b685ded28a9f304eac419393673c45819594855478a430

SHA512
00ed837e39f45e0c8ebd8b0a34b1c3ea1dcb2b535ac0bb82562fee740292bb961b02b0c302b00a84948b07fd4729091f72f7338210d6f251c61f97185047016f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\identity_helper.Sparse.Internal.msix.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
55KB

MD5
92e00423a5d36d3ae82439579a5f7a00

SHA1
e63b517f542d0eee51ffee689e84a6d170684a9a

SHA256
ab505e63d409b8c3e1187c38fc1ade9249d074728c0532e37a3ac06fe66df31e

SHA512
2f5ae97a8216a6cf45911cbb79b1d73558809c919420af5903f53c2128ef9edab25727a4a2463af9edc4b1a754adcd07e03bf980f6fd8f0226caed705ed496c5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\notification_helper.exe.manifest.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
1KB

MD5
be25f2440d8c8b637095a54a9b599740

SHA1
aabcca54ffd26c3d3a50855275483462f3ac5283

SHA256
c9f34239b0f0a4ebe67de8b2b1b0162c1893eb9a42abc8f838ee2e4ee1925b65

SHA512
b81aa27a366f2cd8e83f84dea13a7e72b0f6d011956630e1e2e42c887585986711da7b458d215705e27149ea6f728257f44908f6800cad5ba1a01d402e020a22

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
3.2MB

MD5
4804f589ddcdfa3e78375d6d74e004cc

SHA1
6742e1b545798da5e497ef7b93e6b4be3ffd9b57

SHA256
89df5823c9dc7779925e7e676ed1bc19b02935501f5428b713faf204f9a0385a

SHA512
72f5540926956b8db435a6eecfa2ce7e6c7db0cb43faf052ade32a5738ccbf59e84fa31d11a3f72f6ef3496fc63b00345f4b95066100eae2e5978a4471f61fcb

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
584KB

MD5
415ceb7cd3cbcbcc2d8690a1db0d6814

SHA1
81cc1003641320b3f56a563246b698b958980299

SHA256
c96c7461573903b80e1f44e6536038d54d749d56db8282e088575fd6400597be

SHA512
251ea1fdd3fa603ccf7b784e6ea75dfee0849abcc1eada1f1328d05608932ded9c8eadaa4fe265dc10bb5315c94cd172c1efd13347fded280915ef92722052f0

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
104KB

MD5
5a04520b0ced6994655f554aa31e41ba

SHA1
b5f93c1976f30ff313d646cd2d90249c86cd08be

SHA256
2624f09bbcf4656c357ddb8141b287bf72ccc99549f02cc74205af3c544ca6a1

SHA512
183900231a2bd7b16251eb83df8247b3cc4e27b25389aa4620f600ce622f3cc14ba8e11a327a8f47a84f13553696bc72cc6be8d8d79183bb0a3a3b5ab95492bc

Download Submit
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
2KB

MD5
b4bb91b96e4e790cecf152f8c1db09bb

SHA1
13e8e154cf9fed6bfc89c2ac58397590c64b5a3c

SHA256
aa0bada8a755061b7742fc119a1154e87e914b08c0157345cb56b667d99d7ff2

SHA512
0605592b377899ff9aafe973a3a4505c6c1da6beb3f773915f48992aaea1c65ef00d54318fc4cf8914776569f6e131fb8a4c0b4472ed60a4bc125177b067e271

Download Submit
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
3KB

MD5
e13b759ff516224a78cbe0569cca6cce

SHA1
8ee8125e89fab35d28a61fe4a74fcd77f7927e22

SHA256
53e6a11ca797ddccee492df8b4d42a47c5a956a87d6cd65740ffc3b6da67d792

SHA512
9b303da5301c98928e156abe26c07ff5f70727ebed8e7ce0db46541206818eea863346d81fda59ea2c776c0646a458c6d9bf83eeaf03ec03fcea6f4d584f3d38

Download Submit
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
3KB

MD5
12300bdf96fadaf3b6c5027b00289ce4

SHA1
56073486b98cb5a068271869c18e82308d57bfde

SHA256
507b0acda8a2175ff59a6df56528aa8603c0c62d7294b30ad68b2293d145941a

SHA512
ebe82e139c2d0e4e621d396eda860faf4c95ddb35d81c94ede382cc21d2a1889f17d9de9cc64ca5d25d68d789d351b36561d7ea6643c82a1a7a13af01e010426

Download Submit
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
2KB

MD5
98ff3e577c56f395b5e721417d697a8f

SHA1
7f48b7818cfb20e661aaf43cfb6a608736a46149

SHA256
78c02a2312ceef1587295e07034fa29bda179064b3ddbc6c299dfceb08d1704a

SHA512
65114e7ccaff185a39a44d51557c44d79c95320f490070a2602426d7885d48ededc3152e9fdc4549a842b202961e477c2836e388fd83f11d341f7d0b26868f94

Download Submit
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
2KB

MD5
86efbfa54f7782931a9d18cf83ac3524

SHA1
4056251e22417473615f629a49e0999d9ca37a7a

SHA256
29688a2cd2f214fdfe2d0ad3e2362e3d758661f83c7e3d87e4cfb42a1eeee504

SHA512
dc83514f121ff3a94303d63ca96d51c601a07a3f907b3736a9de91d959bc25bb6acb4eea3e7a7b16478c98b68eb9e19bc20c18b66adef6dd234f50c807a1bac8

Download Submit
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
3KB

MD5
4660dfeb395cd912ff7595ec156210cc

SHA1
1b99394c85a3378acb3ddd0f3de08c957567c0c4

SHA256
db0dcf13ebf7eeb45ecfd42bfeed2f1a6615d7a1bd7707589528c3dac1e932a6

SHA512
cfb041d3bef97564e2dc6b10245da8bb0eb5d55a9bc94887c2d49e66a71050f41594015af0b7e153efbfc2967cd0c54c42630e5a8793590c23b77c18af4a244e

Download Submit
C:\Program Files (x86)\Windows Mail\wab.exe.D63A2CE433093C1A0E39A1280B423ABA64923C63BAAB044FBDADE64CA8FA7F5B

Filesize
112KB

MD5
4b1c0943a37d68223aafed519174f306

SHA1
6f443dd5408304c00a501fd106143338d30530e0

SHA256
d3edc5b4c1ca767fec6ce162f5331953dd912862486e09488d6783e1d979d76a

SHA512
778da768f6ff6498b132aa5c2341a18ed0390f3ebd4bc60b95641e199cf4e033e2e224f16ba68a8494776c75df577b36631f46dafd922e712a3cb20b084cc108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
2bbb6e1cbade9a534747c3b0ddf11e21

SHA1
a0a1190787109ae5b6f97907584ee64183ac7dd5

SHA256
5694ef0044eb39fe4f79055ec5cab35c6a36a45b0f044d7e60f892e9e36430c9

SHA512
3cb1c25a43156199d632f87569d30a4b6db9827906a2312e07aa6f79bb8475a115481aa0ff6d8e68199d035c437163c7e876d76db8c317d8bdf07f6a770668f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
8a6c75eff757ff85baae87b6271d3037

SHA1
ecca4d5957ccadb55fd68b78cb9ea3652e787d36

SHA256
3db2b309952857eb76ea90ddddec16716753d71b9ffa9de1f37caa8a943af78f

SHA512
3523faf2acda1a407675832c1a86f914cf4aee681eaae5259a30d23f8653b75b302a57fddf4898dc1f2c419b0d35d9c3f02bba6b58d30a0a6aff640fe5f977e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ff4ec7c737d17eba63f34df4cc9aed63

SHA1
cee6f0de1abde16f143c867016bef3180bd74d39

SHA256
6b3554d2a2c1995b201d5fb4b608dbe8da36f884b0922b139b89165df0f897cd

SHA512
271d46f59c457ebafa360654b7bc734d70989558f31d773046bab1f864014c197c04bc89d1ea502d48880cad248dbad472dbce9ce7b1bce830fd39aeb9b7c87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6279655a33ebd55cda4460b5ed3abaff

SHA1
20b85fd319a43105180f7523f5293075dd87c755

SHA256
77d782c44a7c4a51f76ea35bcba53c350a7117c97adf469b2686d566007f03f2

SHA512
dfcb03819ba551e722ff3e59483e675e75d2cfe9d8db615e322a59797c04e46fb8b76b29a4fb938f36eb80090b0dc6e39f124978c319533cfbe80daaf2d4926d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8a75119d54f8e96f3a90bd4758ffead8

SHA1
d6593c42fdcf0629bdc7c5ce3a8cd06287946c45

SHA256
ab9c8d547d245036503e7168f7f4cc646cd19dd453aee95590d39f9fbd5ae61b

SHA512
b8dd6a7275743b9db3ee995e78eccd81b731a2a5144c71378e54b481ffee98637a8eafaae255810a52269f6b8b301653a1805a7e6f39737145aac94866561658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fd264dc7c0b3b48d08d9f1c1793fea15

SHA1
d90e57a2d752c9ce3bc1ec4cb7be5289e10bf1f5

SHA256
75b946c081e936453fea5567b768a0cfa7bda70976a34f02559e455131ccd5fd

SHA512
e78d92d36e31e8ad271521b827c4871f4dfb36fb1f15b51284873b973b08452a5d8131960720d6e65c98ecd79e7e9bca19ec96607fceb3b778297f6e47dc61fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
941B

MD5
4428f17d590e1ef291e8141c44124e91

SHA1
76a2e03cd5f9394f5549bd9f06e835619e5ac472

SHA256
312fc8d2c614901a12f19ac21ee92141dae576d9e0fb6861a0e0f6888f46aed3

SHA512
0942fec668d19d056bd0655adc1d3f81cb53d4060e00f22f6ba6cfa9bf93f08bb765131d344cf94411eeb329a54fa5cde6b2eab63a4e1f040239b15653125a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
492e72e626e38a746477f6748f5418ae

SHA1
2be670211291c47a9294f2c92e0b3cda9fe98175

SHA256
0b09a979a418aa79498a9f7455a93c3793bafabb97dfbef1758f368eed035034

SHA512
639cb3b834bfeb7ccf9a68ad25671e727003e1ef49ab5622f9c373cc6b44a06fe3a4b6130aed0712b7c35054b4638082f19da9d4413d89aeb7812cf294fa0fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e84bbcae1b047be9aefa8b9aa5a777df

SHA1
8261eae33554d18d71c39c4a143b99b77dcae0d2

SHA256
efe17e7c8cdbbbd0a948bac7d44579fe92db4faa194e7985ee8aa89da32eb155

SHA512
e46dcec160b929a9b737ff05a9a3674ee47f02cd504a74054a9f8310e41ed336951dfd5c0246778eab0d2784a6e103dd0c2cc0800a8ed450265ddd1c938836be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e6e5717417e5a042f430261a7ca91d32

SHA1
3d5fc917aa5e326d62e90a74322b9f94d42d3864

SHA256
031ab3025b5d01fcf11d44a0fdb9ad26c864b8c54d2fbe3741cc4e4943763a70

SHA512
400cfab22f3f19aba3240fcded796e6a898e81a0d9ec3dc56b513a382f8fe853c624207d8563bd369a654a462702cd74ae07bfa93d5fc5d45925f1d926e76973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
177d982fbb7ac3b218a9020b54faae01

SHA1
185d4e6d4da67bef38cb3d998539afb917c84f59

SHA256
7d0cb6ccf42f85255767b4aa38f2632a1a7d3aa5718c1ae97c8c644a687971c7

SHA512
22afff9a88c829e3763e73eb8d6496c19175a293fbb6fa218148da75b9be9a754b6a3a294c645e4eae0b08f3b2f581d1acb3b94bcd94dcb5c2f3a4a7d12b9d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
941edc47bfda34961c6231c709b1cfe5

SHA1
00ce51ef2c39963c5f7652a8832664f39e1f52e9

SHA256
bdd69f29af1ab3bbc6cd23594b0577f8348fd0c837843ff6ddb339a1ecc18096

SHA512
3f5b3c98de359f27b2bde59d3c4e601dd47911cadc91eb462ae7bb02288f05ff224726db192dcfbf6fc479cb0963c107392c5c5fb60521b8202aad4affa64b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea71a790fcbefde3c2049990f255ba17

SHA1
ca7864babff67cff7ca6ceee302845555131ba11

SHA256
a4467289bcb94308d18a28d8cb0650814651bf5a008dc23c331d5bd4f7f58184

SHA512
86d4d9b5296a39775c5bdb410cf6bd518f1a51550fd25c3a0a0754c2bfdbd5eac62370401fadca9c6f33d8a9688980ab5fffca56e3ca528f949ae4bfd945803e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65d2c541b4e62e2aa3c73b96f7c3b761

SHA1
e23f384b9a4f85e59a4081d1d3182b82cca1f44e

SHA256
33dfeff3d6ae991b7aeb4abc8caa270373de046cebb4be012cf9825bf77d1ea1

SHA512
2a06a97c37a24ebffd30f2eb557c124aa108f73bc19412f5ae9b72dcdb35a4e2922c1f8ab41d93e7d99265dc9fd69652bb35e48b8c2a0e9da4a48cef1923d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a1fb9edcf23512790f94eb65fae2b0e4

SHA1
786057469e138a28177bb186a63537eeede39244

SHA256
fd721ff1abca7f0cbc19ca86683bd3a911f347a652f2e545f985eea106879f4f

SHA512
a919ed131900823e6ce1890e14cb2b93191ed72437d83809f62eda1baf135f7fdf09f3bbbfcd3041035a55a8ff72d0fa01414c89401dfbadb20660938a24853d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5071ec24201a6a06844b299717dc5726

SHA1
f09f0629c38b2d2e6a5eec7773415cccefe63364

SHA256
612de4ab5b81ec1d2e6991d707ef517430c6a81209ba00dc5ab7a10c7b7ebcc4

SHA512
dfd294a6c74191455605cb409e00a777da3879c0a1f1a86cb9d7198b5734d675f3aec90a3bc85bae2a73061756edc8864fc333ad91c518460a4a872d5da97251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c57e6c4ae762dd1e7569a68d5dcade0b

SHA1
b51d204f8e5e8976f9f02e8b3285f005ed17ed93

SHA256
6ddab41c19f68a4e4f0905f13007bc988539d845811fe78439df690b0f63dc76

SHA512
7d5c0d42e703ac8c67cf3b1a23ca7608133326060984474410314644cd7067642e1bf5d8a8dd1d0e105cc1bcaf529020b37f002a0c4469cfa13cdbc48c31a84b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6195b15c53f174ff7c96fdb0f6ead8f7

SHA1
7319119a75368c0ee4c73cd39d6c612f094706bb

SHA256
0302633a7b4bbca1c20f4b4843151f64d242af14bba3e2f1ea1e6695dc732e40

SHA512
99190d249ba635b1744aca5ad5e3c6c4839e88141cc0084b1d364411b177899a57396519fac9302807e2bab09b80247ef920bb0a0237a67cb3dfbe2450fab034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfc7b48cf8546bdfd5c81a3c07aa9041

SHA1
8834fdcbf83705eac87b0b4015be1c2d6fbda993

SHA256
7afab78ab11fd2b5dab36ac1dec2748f296e953b025af7edc65a9a20efe328f6

SHA512
a01deb00ded61a90013eae2fe19d10b1c4e88a4c2e26f03ed83848bcb3ec33c2fa1cac9ae5af632beae1cff8e5d05277a54bc7d26fb1e843edf25d054e896cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9148c8a78ab9cbb0e0477b88d155f550

SHA1
9fc19d151021d487b3209f8c097c636b675aef64

SHA256
114d974d8fa946b3f67473ef35d23d1e9459792d35c78edf9555c05402b22536

SHA512
41f05b63392bdbf121389f94667ba707cfed26a892e097e82bb7f88403ecaaad7f61eaf6335695830f2196ec9ece0e6306f6f49a7efa0d87032166d1d9ab49c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59c81d4d249c0e0a213e33b0029aea67

SHA1
c07a8127d03ac81c060562eded7f258ad076e688

SHA256
6a9119fc72fd2bd49dc985b82bbb36ff8bbe471308187e8d3cdf0e892b02cbae

SHA512
e5df37314892b0d536d4df69d977f3af9e19a95054a9f83b09976091178e03d55a5c77cd4ac91e3771017771454daeb4e4331fbcf531de129ef60d6495c5f848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7685cfcc86fdacbe3fc131d0a223b00f

SHA1
9732e94b55ab72b7390687d278bc54abf69bf31f

SHA256
664c24fc67a9c89a52456fbcfa77ceb67038227c647efb1bef08e96eca867194

SHA512
ac0b436e5d838b1b03af7ccef2d5013b19b6005c784613513a43efc1c3ad9beb12df7f2ae8051347f8f569c18f5eeb084b3275922bd7891ebcc1c868fcf0d50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8b72b00ed6b84c71596bd637c8b3d8aa

SHA1
f6f61bd4c9500af8117c7603afca6ff8159be325

SHA256
8b5d1082924ee4f4edce7d50e046cf71faa19368fb4d5662ccc21974225cfd4d

SHA512
432b47d927d49d13d09216ac0081513a24fff1d1de8800bebd98ea2b7ef747204666ade2d128acd7c9272b3fd6b7451ff62b5b5b9873444eee89a189ac74501c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b35be11f15a248ec5757ef501428382d

SHA1
5bbf93b47d11dc102ba9e47c9474a7b565883e54

SHA256
724a0283d198496a2caf14d08138fb5684e125b097c3d967413cf3db062b3a18

SHA512
f2736e2a19ddb1a8f368e7f8e99e027e5498587efd3b7aa9c8f74fbe951849ddf3410af79095cf85116e18ad1e8ce49aead7f776b21461a1cae0488eda82992a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc48f97b5663f9bfe9bad35f18482f33

SHA1
76141b8616ce10d80b9a8e31c5f292dd87374583

SHA256
f9c880ce057ec5bd0589f759c797f7323ee256f6b53be8ed38667928d8fcad8d

SHA512
7bda3838c4af9a192cd11e88e1595ad19fd49c18f3b34e1393b48f89d01b007e41dac20abcf284174138b76d2590e6bb1850638ed8b195b9864d6ebd8625f3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2912d6801aa8773d540839b462a2f241

SHA1
146142883374ea94cd9c92ff6e76fa3d1231e2f5

SHA256
92dcac220f9ecb2225d73efe23e6325ab95efbeda75a43bc3e94b2947098979a

SHA512
fd33d08821733fc0857436794d7bbdc0b47e244f1fb4e310b539a9b59ed6c46259471c9aa74e053d44e95f2035ef4644b8ca96283cc170be3e5167eefd38fd56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5bc88785210761f4d6107e478e95736e

SHA1
e5263f93bd4d7b0d6976213772a9da5d1273f119

SHA256
c77d94e32f587c4e458773fdac31c656080031f4e817b14783959540c5dc996d

SHA512
4764361129bc1e1d0a12dfe80dd4d2275c4c2f59cc8f514111b7ab90c4fe45e274cf06505cf2d8780401126e28ead95b64c25679929a400e6800f03e1fbfbba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c129f561b31d6defd1e4df495873abe1

SHA1
82ef2d1c47156804706b96782a7aea7cddfce694

SHA256
c7e2d597811a438de484ac23ffb176e3ea84bc25b5b5bd8cf674cd3a67631182

SHA512
abd1ff8263b5e3ff3d9e561a33a0a430be83c1ebea12c46524d9e88628786136e9190813e25648258837715da0ae38a012632d8583ebcaa57285455df601bd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5adba2574198396fc37e7728d86b430a

SHA1
46db7c14b77febb406899c76388f02f35833ffaf

SHA256
be9f37d06c671766c05665b848d0b39ed6233fde18248d2b2c0b7aa1f8643cfe

SHA512
4161e23d2cc8b50a769a5e07bc924a2c0b6a38382ae257e4166c63423ba7fa9ab82c85457717aa26c9bc7cd5c4cffd9bf2ddb7ec672f0a6b5ea3c7e4a76ba83b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c394f19f41386929ed2165e2f0f4e95

SHA1
1a8401cc62f45d019a5b8cb8ca5a2c8ea274a691

SHA256
a9fdcfcddcb39a9da47e08f505575bd8ae120af245a2283f303c9a85413c72b1

SHA512
4c7f3148b4c24d6dccbb20fa52412176465f7434997d786c080a502f8c52cbc89a6b6ea8729586b17b50aa4655b28e7f299132d8e8070b193bde0c827e28d920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42b51000c102ef61d778dfbcca928e73

SHA1
c5e472f5ea30f867c90d6d4869230628f7e6a094

SHA256
7b14a2ca81e3ea9c118a2cde644403454296880a599fd6392618c0840a2e06ba

SHA512
4c7181378a99180134ac0c0d7666e1887ef8d6fcf96454a570cf313e0244d3ef5a1df58dc11f76a1effea842865c76d185a098593b35823cfff1fb4adfffc651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88ce37e96dda84f57387e76382b7e68a

SHA1
43d4ef6bf2d765acb79e99c9c8d03b8a143cf199

SHA256
740cb58a4d9d17f1caf362a7a5161855b0a7d9e9b27d225643cb2a1a880b4d32

SHA512
1fa3beed6795b11f56f23a48b75ce46027f1b9371adcc46c62e7cd06ed0c0e71c25377a25f6456e2bf7ff8df5436c32065fb2f39bc553722a86740bb40fdbaf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
add7f8c9ec88199c20ef7e22c196a3a3

SHA1
8a5c143d80e69cf9c51cb576d1d9ba8973a7b8a9

SHA256
5cf840417797957c29247ccef1f92315d1d85cdab36c56413b714e5e78286846

SHA512
4b3195def23b45a229421c63a18f0e70b4f3ff4467724f9af9f7582adb3b93475c840490628fb8851bb429b4c111329b2deac80b8dc0983cb8d77ef63aeb2846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fba6.TMP

Filesize
1KB

MD5
db9ac96f2d3d68b1630b029fb4e824bd

SHA1
337d455e813d400c2059362baf364047bcc3b1c4

SHA256
08239c516d6c886ed5632044f8d18653a3a1c8a94c15acf9b7a558097d964cd1

SHA512
770468c267ed00ea37b95d7d622dd898c8d92a30408b086315de155de946ff35cf1fbc3bcf1a7da1590bf2d401acc31e68d0e1aa90ab9ab987eec58e65bfc6da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
49e484c38f767f175ada4aee10e126fd

SHA1
cfcd05516fecf3b56d1adcbc1058166cd84308a8

SHA256
7ac23f9e867004df32c2b19528995ce5ab26ab67391e3aee05315c2169825a25

SHA512
cf4b60e6dfa0546d8f6f73dd153197b7f7fa86c409f1c1ccd0e32f495483da1700f4ad6814d992d6b5450d66daa0817b227c875627e46c3e16590d9691207d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3d2f5d7c45c2ea0200599ac00281028b

SHA1
6d284658b737d5e38b6b164bf7605ca04a368c57

SHA256
94c4244c8fabf5e5f1ccd7915f242851043bd6e85cfc90d745964d41b9da063d

SHA512
e2a66f95748364ecf42dfc7f931de1b77fafa88194a53782c943127ed47b5469035411476d265c0ac7b13324960ac5f7df8ff7e345b9adf2efdc2507efc9f525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1325c571edef52db70689a8d0fe897c4

SHA1
81e62b862d4453dbff047dacfdeeb0aa40c71daf

SHA256
18ce689d3873d12d0b76330bc486546d494b49a7f8819a46a98dd555eeca3520

SHA512
5c2b33edaacbd2730da22c4047af19bdf473fdd82c2a54cd512908308b8704eaecd03a2b435218c629f1c64104eeb34c792d7e5e94753befb325d5c406d15c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d163e622ad4c2798889b0282258d6104

SHA1
49217e7b23aba32ddb565c327d0debf7fe632836

SHA256
3044ca9fdc2d6bf54e439f4bccd251a40ba0d80ecac168b7ac616b8a83b00310

SHA512
42f45209490a413b80460b369e72d21e2856e9123559748f0e83c3e6b11af9e12d0d2829c2321eb4660aa4e344c6fd09cf8543831a93741e9f52284ac5f7c0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
647c6400d9d13590c7f3f3f0df176413

SHA1
dfba2a5deb7df7a62e5de34116307b07da5463b9

SHA256
0e170844229acec46977d5c7cb287a53aa7d9f93ed29409e54cd7667d919287c

SHA512
befd8202ae8ab28b657f4e1a658366908373acac7cfb3a9e17a4f35068bede3b0b57c74a39a3b1e2491e176ad10b1dde40df35b1857b9b495054be3fcd221677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5daa61d6182ac63d76fb3f5b69c8ec3e

SHA1
db4007be97cd955f6de8b130e94a697a38a5a52e

SHA256
08f1b9b9af0099a83c728039fc10e0ce940ac1f34c4c0f2ed028a4f9547c9cf9

SHA512
653913375916e454514e01a518dc0f9929207a3775e34cd606dacebd5a279d7735d23ad15f65e3206370979f535c578e19a2455872e7b36acdac1505ba5ade3a

Download Submit
C:\Users\Admin\AppData\Roaming\!WannaDecryptor!.exe.lnk

Filesize
590B

MD5
fd2472cdacfd49a2c2e18dea21e0a923

SHA1
5b42c90a92b2bc0cf987242d31502340c7aad5c1

SHA256
116e42c47b3dae79ae331734753f6a16c65ce8b68f70a8e08a81936a9ed62a5a

SHA512
805ae540e339e831c454b7d0c730f359294eebbfb144e19ac54e35565eef934911b3f61828f6c4e477f15bff58fc5823f33869af7eaba4b0592be46865108649

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a98764775bdf654ba63e0ec3bf158d47

SHA1
612a0f6901f1f9604fa68601c19f1c972a88689b

SHA256
0f53cc09bc10086f8090667a24fa9d44341603e99a3996f8a1e5eb7c7a27e07a

SHA512
59f3db05c2e6f3f4250911d07aca6bcf5349596599b73dc6fc1b953633ff5003ab9ab94a3030a1558e8aa4252e688784eccd5d04440e15a4fdfd631fd3eac675

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8320bf5477af8dd918f8ba9c4aa92756

SHA1
46d4ac994e17ff6daf7a4de444543a2afaa21db6

SHA256
6a83b1bf62c2f3fe51825c004b2f82aef74149030fd8abf55737920537fe18fe

SHA512
d613bf81bef35cae081e15eadbbaffffc761be58afdc8addd06ca135b7a9f59fd7792e92b1e11079c4d30e02466dc0521a7d575867a3d69cf2d96e9d594718fb

Download Submit
C:\Users\Admin\Downloads\!Please Read Me!.txt

Filesize
797B

MD5
afa18cf4aa2660392111763fb93a8c3d

SHA1
c219a3654a5f41ce535a09f2a188a464c3f5baf5

SHA256
227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

SHA512
4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 75762.crdownload

Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 93113.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\Downloads\u.wry

Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
memory/1940-5059-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/4804-1034-0x0000000000D30000-0x0000000000D6C000-memory.dmp

Filesize
240KB

Download
memory/4804-1035-0x0000000005710000-0x00000000057AC000-memory.dmp

Filesize
624KB

Download
memory/4804-1036-0x0000000005DD0000-0x0000000006376000-memory.dmp

Filesize
5.6MB

Download
memory/4804-1037-0x0000000005820000-0x00000000058B2000-memory.dmp

Filesize
584KB

Download
memory/4804-1038-0x00000000056C0000-0x00000000056CA000-memory.dmp

Filesize
40KB

Download
memory/4804-4917-0x0000000006D30000-0x0000000006D96000-memory.dmp

Filesize
408KB

Download
memory/4804-1039-0x00000000058C0000-0x0000000005916000-memory.dmp

Filesize
344KB

Download