wannacry | d55d493a2557246903f0faad635df8f6d286589a037c6e6cb467a3f67d584d26

Analysis

max time kernel
897s
max time network
901s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2025 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Main (1).lua
Size

354B
MD5

865f8163347ffdcc10d9bd9d80b586eb
SHA1

a7bcd3a55d45a6cdd4d0cca5b185a41baca3cdc2
SHA256

d55d493a2557246903f0faad635df8f6d286589a037c6e6cb467a3f67d584d26
SHA512

535de35dbb763c10d328bc3fc673ed7bfa672e29edbf5380adc3e34585dab5295a795f6594cfcee88201a0e9f55f1eca4c611842b8a7eaad4a57ad4f7dc1153e

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDDD0.tmp	WannaCrypt0r.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDDD7.tmp	WannaCrypt0r.exe

Executes dropped EXE 60 IoCs

pid	Process
624	taskdl.exe
4868	@[email protected]
3736	@[email protected]
2720	taskhsvc.exe
5440	taskdl.exe
5788	taskse.exe
3912	taskdl.exe
5976	taskse.exe
5424	@[email protected]
3344	taskdl.exe
5144	taskse.exe
1528	@[email protected]
2572	taskse.exe
5700	@[email protected]
4204	taskdl.exe
3604	taskse.exe
2844	@[email protected]
4600	taskdl.exe
1356	taskse.exe
3652	@[email protected]
2532	taskdl.exe
3980	taskse.exe
5520	@[email protected]
1420	taskdl.exe
4292	taskse.exe
716	@[email protected]
2436	taskdl.exe
3316	taskse.exe
5056	@[email protected]
5292	taskdl.exe
4636	taskse.exe
3344	@[email protected]
5024	taskdl.exe
5604	taskse.exe
6084	@[email protected]
5800	taskdl.exe
4888	taskse.exe
5752	@[email protected]
3992	taskdl.exe
3552	taskse.exe
6008	@[email protected]
4816	taskdl.exe
5328	taskse.exe
740	@[email protected]
1692	taskdl.exe
2652	taskse.exe
1700	@[email protected]
2912	taskdl.exe
5736	taskse.exe
5784	@[email protected]
4412	taskdl.exe
5856	taskse.exe
3136	@[email protected]
5020	taskdl.exe
4136	taskse.exe
3232	@[email protected]
5756	taskdl.exe
5476	taskse.exe
4328	@[email protected]
5456	taskdl.exe

Loads dropped DLL 8 IoCs

pid	Process
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe

Modifies file permissions 1 TTPs 3 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
6004	icacls.exe
1668	icacls.exe
5980	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ovmsvvcyf828 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_WannaCry.zip\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
415	raw.githubusercontent.com
416	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCrypt0r.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCrypt0r.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCrypt0r.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	New Unity Project (4).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	New Unity Project (4).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	New Unity Project (4).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	New Unity Project (4).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{5551A0AA-CFEE-4701-AED9-EC939EB9F1B0}	New Unity Project (4).exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3232	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 674559.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
2400	msedge.exe
2400	msedge.exe
828	identity_helper.exe
828	identity_helper.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4032	msedge.exe
4032	msedge.exe
4312	New Unity Project (4).exe
4312	New Unity Project (4).exe
4804	msedge.exe
4804	msedge.exe
4668	msedge.exe
4668	msedge.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
2720	taskhsvc.exe
5044	msedge.exe
5044	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3992	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 56 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2784	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2784	AUDIODG.EXE
Token: SeIncreaseQuotaPrivilege	3612	WMIC.exe
Token: SeSecurityPrivilege	3612	WMIC.exe
Token: SeTakeOwnershipPrivilege	3612	WMIC.exe
Token: SeLoadDriverPrivilege	3612	WMIC.exe
Token: SeSystemProfilePrivilege	3612	WMIC.exe
Token: SeSystemtimePrivilege	3612	WMIC.exe
Token: SeProfSingleProcessPrivilege	3612	WMIC.exe
Token: SeIncBasePriorityPrivilege	3612	WMIC.exe
Token: SeCreatePagefilePrivilege	3612	WMIC.exe
Token: SeBackupPrivilege	3612	WMIC.exe
Token: SeRestorePrivilege	3612	WMIC.exe
Token: SeShutdownPrivilege	3612	WMIC.exe
Token: SeDebugPrivilege	3612	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3612	WMIC.exe
Token: SeRemoteShutdownPrivilege	3612	WMIC.exe
Token: SeUndockPrivilege	3612	WMIC.exe
Token: SeManageVolumePrivilege	3612	WMIC.exe
Token: 33	3612	WMIC.exe
Token: 34	3612	WMIC.exe
Token: 35	3612	WMIC.exe
Token: 36	3612	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3612	WMIC.exe
Token: SeSecurityPrivilege	3612	WMIC.exe
Token: SeTakeOwnershipPrivilege	3612	WMIC.exe
Token: SeLoadDriverPrivilege	3612	WMIC.exe
Token: SeSystemProfilePrivilege	3612	WMIC.exe
Token: SeSystemtimePrivilege	3612	WMIC.exe
Token: SeProfSingleProcessPrivilege	3612	WMIC.exe
Token: SeIncBasePriorityPrivilege	3612	WMIC.exe
Token: SeCreatePagefilePrivilege	3612	WMIC.exe
Token: SeBackupPrivilege	3612	WMIC.exe
Token: SeRestorePrivilege	3612	WMIC.exe
Token: SeShutdownPrivilege	3612	WMIC.exe
Token: SeDebugPrivilege	3612	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3612	WMIC.exe
Token: SeRemoteShutdownPrivilege	3612	WMIC.exe
Token: SeUndockPrivilege	3612	WMIC.exe
Token: SeManageVolumePrivilege	3612	WMIC.exe
Token: 33	3612	WMIC.exe
Token: 34	3612	WMIC.exe
Token: 35	3612	WMIC.exe
Token: 36	3612	WMIC.exe
Token: SeBackupPrivilege	1288	vssvc.exe
Token: SeRestorePrivilege	1288	vssvc.exe
Token: SeAuditPrivilege	1288	vssvc.exe
Token: SeTcbPrivilege	5976	taskse.exe
Token: SeTcbPrivilege	5976	taskse.exe
Token: SeTcbPrivilege	5144	taskse.exe
Token: SeTcbPrivilege	5144	taskse.exe
Token: SeTcbPrivilege	2572	taskse.exe
Token: SeTcbPrivilege	2572	taskse.exe
Token: SeTcbPrivilege	3604	taskse.exe
Token: SeTcbPrivilege	3604	taskse.exe
Token: SeTcbPrivilege	1356	taskse.exe
Token: SeTcbPrivilege	1356	taskse.exe
Token: SeTcbPrivilege	3980	taskse.exe
Token: SeTcbPrivilege	3980	taskse.exe
Token: SeTcbPrivilege	4292	taskse.exe
Token: SeTcbPrivilege	4292	taskse.exe
Token: SeTcbPrivilege	3316	taskse.exe
Token: SeTcbPrivilege	3316	taskse.exe
Token: SeTcbPrivilege	4636	taskse.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
2508	OpenWith.exe
4312	New Unity Project (4).exe
2400	msedge.exe
4868	@[email protected]
4868	@[email protected]
3736	@[email protected]
3736	@[email protected]
5424	@[email protected]
5424	@[email protected]
1528	@[email protected]
5700	@[email protected]
2844	@[email protected]
4264	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3652	@[email protected]
5520	@[email protected]
716	@[email protected]
5056	@[email protected]
3344	@[email protected]
6084	@[email protected]
5752	@[email protected]
6008	@[email protected]
740	@[email protected]
1700	@[email protected]
5784	@[email protected]
3136	@[email protected]
3232	@[email protected]
4328	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2028	2400	msedge.exe	87
PID 2400 wrote to memory of 2028	2400	msedge.exe	87
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 2172	2400	msedge.exe	88
PID 2400 wrote to memory of 3184	2400	msedge.exe	89
PID 2400 wrote to memory of 3184	2400	msedge.exe	89
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90
PID 2400 wrote to memory of 3960	2400	msedge.exe	90

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 4 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5564	attrib.exe
4972	attrib.exe
4548	attrib.exe
2860	attrib.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Main (1).lua"
1⤵
- Modifies registry class
PID:4624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb19cc46f8,0x7ffb19cc4708,0x7ffb19cc4718
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7344 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1432 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,7869372422811049990,15138796491404253231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4032

C:\Users\Admin\Downloads\For Itchio\For Itchio\New Unity Project (4).exe
"C:\Users\Admin\Downloads\For Itchio\For Itchio\New Unity Project (4).exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4312
- C:\Users\Admin\Downloads\For Itchio\For Itchio\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\For Itchio\For Itchio\UnityCrashHandler64.exe" --attach 4312 2228387123200
  2⤵
  PID:4176
- - C:\Users\Admin\Downloads\For Itchio\For Itchio\UnityCrashHandler64.exe
    "C:\Users\Admin\Downloads\For Itchio\For Itchio\UnityCrashHandler64.exe" "4312" "2228387123200"
    3⤵
    PID:5228

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\WannaCrypt0r.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\WannaCrypt0r.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:1968
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - Views/modifies file attributes
  PID:5564
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  PID:6004
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:624
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 26331737993612.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1052
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5184
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:4972
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2720
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5152
- - C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3736
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:5476
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:3612
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3912
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5976
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5424
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "ovmsvvcyf828" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1232
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "ovmsvvcyf828" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:3232
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3344
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5144
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1528
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2572
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5700
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4204
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3604
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2844
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1356
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3652
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2532
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3980
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5520
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1420
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4292
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:716
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2436
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3316
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5056
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5292
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4636
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3344
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5024
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5604
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6084
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5800
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4888
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5752
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3992
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3552
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6008
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4816
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5328
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:740
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1692
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2652
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1700
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2912
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5736
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5784
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4412
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5856
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3136
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5020
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4136
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3232
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5756
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5476
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4328
- C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5456

C:\Users\Admin\Downloads\WannaCry\WannaCrypt0r.exe
"C:\Users\Admin\Downloads\WannaCry\WannaCrypt0r.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5352
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - Views/modifies file attributes
  PID:4548
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:1668

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1288

C:\Users\Admin\Downloads\WannaCry\WannaCrypt0r.exe
"C:\Users\Admin\Downloads\WannaCry\WannaCrypt0r.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2844
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:2860
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:5980

C:\Users\Admin\Downloads\WannaCry\taskdl.exe
"C:\Users\Admin\Downloads\WannaCry\taskdl.exe"
1⤵
- Executes dropped EXE
PID:5440

C:\Users\Admin\Downloads\WannaCry\taskse.exe
"C:\Users\Admin\Downloads\WannaCry\taskse.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4264

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3992
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Bonzify-master\Bonzify-master\README.md
  2⤵
  PID:1284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
1KB

MD5
183b9be2f3c4657bcf4269e5e134132a

SHA1
1657a09e6437ebb29cac1dc033e3468be780b0f0

SHA256
7b779ccc3b9e72f37fd5cc988cd2b3720d3fe2457ad7e4ea92d09e90cb903069

SHA512
f94e2df19be6199e8fe27621261d59ab1235c3bc70f368444c9c052ead319e2513d5994f1c0aae002f7254c4ab205acd734647807a218b6b0cd2317ab8115b94

Download Submit
C:\Users\Admin\AppData\LocalLow\DefaultCompany\New Unity Project (4)\Unity\94d89a12-1e54-4018-8ba0-96f1131ae8dd\Analytics\ArchivedEvents\173799343100002.6dec5718\g

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
C:\Users\Admin\AppData\LocalLow\DefaultCompany\New Unity Project (4)\Unity\94d89a12-1e54-4018-8ba0-96f1131ae8dd\Analytics\ArchivedEvents\173799343100002.6dec5718\s

Filesize
344B

MD5
559e99eda52adc6d9f739d8be3bb14e3

SHA1
fbe4e3f5149f7f1ffa45074bab5b32abb5de8a71

SHA256
0599eb22db6b2745a96dbd0e6dce016603bd67da0e8cdf7b3b86f08ab374f90e

SHA512
8e57a77e91b1f29bdde3319006ffea3201cadd2468084ee3f12af890970479a014aef49b069b4efeb5dfacf88a88813224a51914e1095a7189fac814defb0342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\81619cf4-07f3-43d1-b4b1-1a5fb4aecf67.tmp

Filesize
1KB

MD5
f04eda0a98bf4913b8f083888f16ce7f

SHA1
104fdfa64610d1a37fd1b5a2d94837bb3dfcab4f

SHA256
aa099135baf880ca59320f402dac9e77e13584ede19b77f164232a0d4e54a116

SHA512
2bf835e7ea0168394a862436be1dca7829feb721afc4de1a14a67a382ebc6e06dd8b693606ab3c446942ee8843a13717d4cad6553d3ea22fb2b97d4d3691d2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
53KB

MD5
f0ed4d4f5328e175c5f5662736c2b691

SHA1
55a4bbd715119d1a76ac61992a228a14f3fc4681

SHA256
1a39ec320977cbca174aef55b071790f66d9b10b73598abeabc350b01b7bbbc1

SHA512
39466a7eb8045f7e05fe9fde2d15fdf38180a1766cb809d677958977b87f4f017a81976b1d477945bbdf8d1b5f61ba534576f95d2200d401223e26972c6cc679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
46KB

MD5
dcfae2907d72940c725a985482d0f0b1

SHA1
053c92c84730b591743284a0e69fb1ef639eb701

SHA256
32e775c7b0976213c53a8d1d2f0357957482efa8a9483e068cccfff8503f64d1

SHA512
8b57c84d513a77d837105cd1d56c0531533de74aabd727f581cb5351cf6ac7f16ec0e3dd0097794265f90e1ad0d895b9e1b3991607df48ced2efcd94ed78224e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
71KB

MD5
b78b5c4671c26f1509dc6c7ff058398e

SHA1
cdd970d25e7e6a1810e728f4fb6ee35d1b5ae00b

SHA256
94ebe9c247ba14fd314a779358315f3e9dd2356c0e8070f42b208db2d5e21d6a

SHA512
4b07d6f4b9982a24ebcd2d1af65fd34899a8f3144481ad1dc7db7966e4ab9287032e87225359d0e75460dae4bfc2ca7a7434914d665b1cee66c4a559062ef14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
106KB

MD5
738dd884b47bc3ea5f19a6a4c1f92cd0

SHA1
74d121619f1b275b9e22290a9cf1b505696c7305

SHA256
29075d14d0ba16cf9bb3965c8bc3e26485249a5dc83a09ec7ee537abf1d61168

SHA512
3cd214e59baa205df23c75e38bb41491179c61fd2693e216fe8acf9e5f371b6e6922e6d123c204481d4dd42a6d9e53485fc23aa5d3c051b3bbcfcd573b1ea2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
71KB

MD5
143efec25d3e38dadc94a8d828fd38e0

SHA1
1050130c8bcb225ccdd46ffb41a19c9cfc8f77e2

SHA256
d50026ecbb38cb75d05ddcbf0b7b4e176cdeb29f5ea37bf29a75f8a47e567dc1

SHA512
3e575cda1a7a513fd69ee2e0bcdafdcc2ecaef27061f6c9eaa2698833deb6c1a01c44180f5190a8fb911ede5d83f5c168170424862cea3191d5bbec2669d083a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
20KB

MD5
dac18388ad86ed5ec1bd4d3bdedd4bb9

SHA1
1e30106429e1e84a697db46be2dff99a6df0f6bf

SHA256
0bbf84d7088148e0a398ffa522218b3e0c12a56f95c613cd5b205fa22414ad4f

SHA512
9b108ca9cdcf79577525ccdc752ce6c753323ca918a23b8f4e99041be4e5411f702d185884494b57fa2f2f58083dbe067c37312a6d4663d6d923990b0c4e499f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
59KB

MD5
016c4662de6088a5cd701abe94707c4b

SHA1
ee023a261f36b368e67f9cdb3e5bda9544158f2b

SHA256
df5d712cd535e288fb0e974c2e8dadb1c0b5922305383d2413bf40381f71a5cf

SHA512
9caab122edd5dbf2c4e55b4ff8af54be1960fdfa84cfe8b80b594e59faad57fd9d4523451289822af165e11538b66ece7c4d2315f231b563412e1919b7b0af44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

Filesize
20KB

MD5
4c0e50267e16196f98c0817785a8c125

SHA1
23064de7af9d53d06a82fcfb4cb107731127c437

SHA256
5e5dd8d3d067b5a50d9284de24e90b9538b96938d56b024074ef602ae7d83584

SHA512
86ca6e9de22af6d21ac57a3775cdb4a287ee39c1cf656d9dffca64ed09f13dd54c30f324e2ee322014272d504e5a4c09297ba8b75a742f4ee67e314c80021e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
20KB

MD5
29f554359bbbd907f84d10ccc6b147b8

SHA1
4599317817dbb289b648e1280f1fa2a4682a26d1

SHA256
4618589e5948a8d8ee3127edcf3c9d991281ebd0c4ee800948f189858d1c2507

SHA512
0769c0999cdfe078b582f6516051fde73901afa2761ad860b8e654f7463bf774e2d32e634fabcfba0ff7228bc7e2362b122a0913bda5faad61bbf42b248c887a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

Filesize
39KB

MD5
faa3a154338e980726fffcb28c948727

SHA1
50d31abf59b099012eed636660d7ad5af04d8a13

SHA256
7d6352d3942114b1f2abfb9daa2d9fe28c6eab5f058b3ae7237ec539aa00004f

SHA512
19307753ac862590c298230e4584d05b57eeeb921b427b434fbf183d5bf43960d749e1a762dc1bd7656090f846d4878a359cd8785920f2c68930d8ab48d031d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009e

Filesize
29KB

MD5
b9ea8edcc3a66a0f7a5f611e3eccb392

SHA1
46b0253cec86db645844939d262a53dd3fd041bb

SHA256
0494e66e1719f846d5b2f7a714601474f662b99377eb8622b3df2abf35734781

SHA512
f08cd0927eec4b9d8e895cc35ca8aa27527e2cffc5a131bf890322b24eb293022f6721726750feb6d0de040d9fe6128c5ea1469213d6a9e78cc7c495bb289023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

Filesize
32KB

MD5
17230db51e45c7b7a84af82e6e2d3ef8

SHA1
d2f82ce7d349fae476a8b0ee6d68875c0a2035be

SHA256
2883b87e0fc345092875a58775d9f7c561e5f62ccd1a024e274620a0b90effe1

SHA512
9daccbed4f9ee864839d540b072c9ce422d452f46c30423ed0cba1f467776a659bfd1e1ff58392e55fe1603311cf0293bdf921be13a334a7d5bd0657fa731ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

Filesize
739KB

MD5
a72b56740851c9a391b71822d836f8d3

SHA1
ba70fd164e853a77511444450ac08f324741a0d7

SHA256
6a66640f9facec45a3d997372f4f2fec6d41cffaa091ea63b576a5c372cd71c6

SHA512
490a862aad965b12d0a975d45c573b1e60631608869a592b745de5f9887ff3ecb3e599fb85d38427c42ad8a67289cab9ec21ec17ed28f9fa52231a6861c25a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c4

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
21KB

MD5
47ce2d83c35fd76a6d6f7b8b3413a85c

SHA1
9924f62dee99cda84d48d7bbc60b0d8e57357bdb

SHA256
e4426cca4dc4dd6cb5fbbb0d9182aa0f7fae061709e58f014df910d19a74c828

SHA512
819a17ba1f4d4bcf0152acd0932d6852d72cd51cafbe2009eee7e609e5ce0761b19087d5959f90fdf69e26a1a1851bf7fb0aeb688181c94a24cd096e3522e11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d5

Filesize
28KB

MD5
8bc7f152e40db23a18a4614bc375ab30

SHA1
072aa1d6937b94bb7d5da3535219b08b20b0a5c8

SHA256
4606f46aea5ea7c35e38acfd86db7fa5f73e9e256a07d0d892984bc4fd62bf50

SHA512
3c738fd9a2a7f26b1a80bb2a01df37752cb4127ea07c43046d377ee3e1de71507d5b62d76fa4a2e0cb1c5644e7c6bdf19d30d752071d93206f80ed555c3f6906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\068bab494f2eefea_0

Filesize
3KB

MD5
cf167dbdcb7c638a7e3bca9fe5167252

SHA1
ddd76123ec106be4e11badb6f4869ebfc7e13225

SHA256
5bde37ed65712bb08d562eaa2e551c709c1e942db263bc18f8eee01fcda77bb3

SHA512
7cdb444b59ca6766f380b6f3d40704c45aad69a998041fe6937a1462258a189ed4d54f26a8cbe371a14d424131d7e22dd40d74ee14194abd45de8b39ff53323b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\08e5a9b722f426ac_0

Filesize
55KB

MD5
d7f5be968e5e9302eb374ee5fa20b41a

SHA1
9bfe176d7e153a870c5e569bd1f331ec19110f5b

SHA256
0c967a0f25f9715349329c8e84f9bb202a33d60e0537b3912f922bf1801e10c4

SHA512
e800351c233f578127a2c9215a0720aada908f433ea6175e3f7f49a94dba9176d95104a353cfb1ceef630281642541a2a35fabaf420007c5d2207f6d6f1e8f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
66257b476bfa4b149cf09b932e240466

SHA1
fc315fcae6b73fdeb08430709b0fc24e2107bfb4

SHA256
624363cf9aaaede956cde0d8d72a57937c9a6e348a0886a7440ee82222d49a45

SHA512
86072f560a97828e8ea181497f3ea4e91374240dd7de74947e079ef5c3c285e24cda60e02eca587afe7f4786847878753f2a2284d30255c8d804028bb24d9c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0fd981e21e6cb3ec_0

Filesize
198KB

MD5
b2463d259d00d67006b11ad50a9fbdcb

SHA1
44669c3128f565a47eb2d399db54653fb28aee4a

SHA256
7d0ca689bd8c7d6efc14aa040271e032051e617098913c06e2893b7da36960cb

SHA512
c14cf1a70aad323676d359c8f2505839f1ee1fbd697ec9c046d516f9bb17b0b29b7245e0d8b8e8715d586142ecac5ea76a0de89b87b80721a03ab597d315acc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
0f35605da00597ea3de3d805aeb647c0

SHA1
47cfad7517be3354c6013ab8fbd7f89a1b993327

SHA256
062fed2f0a78d8d016011820a97ae3455e1e97adf0c732ad72a9068a48e536de

SHA512
03dfcaaed61ad5dad0d8e6ebb64ae60de59140adf8687f5c8680b3b7191c4d48b003b9b2fff6f418a10d8450e955a700b33ccd9f211f22fa2f69825094276fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

Filesize
5KB

MD5
5ae377cd86c89449cca1579525d9eb54

SHA1
028c062887110b239df4f88538d1e614159c9c94

SHA256
7e5ff5a5e52fb9adbcd923bbfc5194b2ca8680c0d01bfe6ffe2c0f770464d020

SHA512
56c2890199ca9182e4b8f1e8bc5e8915601c0a71fbe4beb57495e33c20bca585251bd9c881c6c4223e3caf4c91f326c2d23fd78b288a5cba6ebbfd4f57d33bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23d32eeab63ba129_0

Filesize
32KB

MD5
e5b09e8ad36aa2bee3160190942edfa9

SHA1
b2dbc1e2d349e6a1240d98239f73022a805042e0

SHA256
8b885d675c5b5b3c57688418790d2bece0c04d1a611894b9a904b928e601807b

SHA512
eca35cac17bf04c0b987d27be08b63e1e3a9e96bd830d03a7e28af14a85497e6676e8616d266811e8c22a2051663e22ec4eef76ab749838243bc1d697db90067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
2bdfa768e9b462cb0f196d0689bf2211

SHA1
f19d4b2db5ba14456c3417decd6d0b2d9823fbd6

SHA256
36dfc3bcd27660515e41c0e49637ffee3ce82847d3a7a93c0262765a53ce3f1f

SHA512
249958c1044dd783b5edeb2fde4e89d6e0f460f4c47e8820d65a4fd6191de40a9c2b67fa705fcba3330d001b06f41dc4d6a16cba762e5cf9f286afa45ef17505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

Filesize
3KB

MD5
27c9afc8ada010e4375de7b8853daa87

SHA1
dd629b88ec4370a234272952ad0f2ea09cdc42bb

SHA256
c8032144d42617d098a6c10b82a6641ab33ceb23f2ff3bce12ec25ffb8bc3661

SHA512
041f22c629f59fafe65888e3e1e5921c12e8113ad7d4464d7016dda6f11ca246795221a96c50f74132dff8b748ccee28e585d67d9a0aec759d540180125f03bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2706d8cdbf00fd1a_0

Filesize
262B

MD5
95b0eb795831477c9c8661b8d651bf74

SHA1
68053c17070ea5d34499283a876d1d694a93fbb9

SHA256
572a956ecf38a60ac337e1b6bfb63b8ef1c98eae96fb7c33346e822a5b5e7bda

SHA512
c53a28a841be44d6d9754f9aa75b0e7dd1345041a0d532f8fe088093254d123b54e65b098c7a69f16ed9e592c02a203fbba1cba2200dee1c2b70880f66b87f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
abd6718cfb0412bebf730c9f8b1fa0f4

SHA1
436272fdd68a09397f414e6a267b5082b2e7121e

SHA256
bb6a6d551178d9a574fe75103ceb1a2fcf57cbbdbbbdcbe33bb77bce0420ad3e

SHA512
8156e72b71fe11b8e5f74e165d802e1f2f129040aae3636b17aca12e3a7c501fc92b95704a56247292276cbb3437d90bb0d37933292befbb1fff74dc228b477a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37249cca66fdcc12_0

Filesize
1KB

MD5
3d50e8c5cb45871d9f599bfc4c715a40

SHA1
88785456123a17cf3fa35cfa26267f44b68f0a14

SHA256
d5951c5c69330a53952c4e627fcaebeea5a6af64f215732b06592125f28b5e27

SHA512
6923aa3c883b0ebc04d6e6b1a80e53b2f57432dcab773d20dd6ff478de43f2d524a87660db987dac9108d63fc87eb25bc46f17280f9f3a02801d58ae804fd50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
a73a4206aeed7d959da4da0f1fb28294

SHA1
c5f8f7fffb52a3cf5a46e6a3ca5adf970f26049b

SHA256
5da221c01aa2b7b581cbca3d4af205206ee426fac3c856d7f124ec35b69d2556

SHA512
aa00c021764d9f41f84e05010b105f04f2d4fdf3905fa931fd339aa5074b49fb13e7b6d1ddd3ccf40ccaeeadce8a97702f595bb5885adabc6dcb8487b7caae59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
6KB

MD5
57a8d099ff15322f3d06cf8c5b4568fb

SHA1
527f6b014dee152f36197022241ea91838580878

SHA256
a6c049396d2b0e44597fe5c53164656ae28611404d16a589d8eb7bc8163c38dc

SHA512
c7fbc723e5a74d9d309b5462bf4cc978656e2e9a7a359e88b73526ff5e11be33598e63a2f2338e137b38bec030d51846d18bdafeca3ec89d26f21fc9c1a13697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
846938d44c8abc8292bb50eee9f7542e

SHA1
96c42ead3a9b5e504a748b13314b8df8fc46c3c5

SHA256
4d2bd456d448c47fafde3fb8be2c0ceceb4d6ea5f6929e10a061beafe7705c0f

SHA512
d9c6b3f83068f50997f26f0921e72e3ba2155c9f9b32070ef683b558c54c68d912c633d4fff6cdddc2938f90de24935a9543001a1055bab5ef22366a42edda9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
b2c9ccffd3eb27bb151baf006754c378

SHA1
cc6c5b90e147a008f76580d36921788283e49f9d

SHA256
9ad85bb3ae2ff91dc50fab952d3516915ae2d1304e2b2e1a245c5e6ce23f35af

SHA512
7dece1187eb9ead839ef5315ea34713204779ce4cd9c9bae479265cca131602c70546501630a5d06a42ae23933ff504af64cebf833de0927090ffcf6f7871aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
2318549fa53c3a95bd9a396ba1610244

SHA1
19097cedcea8a7fbd8b4c97aa112b416b6ef59d8

SHA256
d380bc28949dabd941c6d69845fde80e4cf337a759157c2abc8e5a65550fadec

SHA512
0768ca404925d3141bfba9b1f32b79e550c0f0251aee4c3a392076fe38c58d3961943e501d54a824981860acbed0a4518709bc5766fda2ee98b2eb29958fe198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
ba017b79018753002ede6ea23afb563b

SHA1
60f56445241a5c214d2c082e02427d22fc53601c

SHA256
aafd89fb16fe7120d1505d16dcd4767cdeb2aee306d7e9b44bc3968a3e46aa24

SHA512
04f0bdcdacb53441372ae2ad0fcde78b2854beffc967704c78a5022b405b070770640cdb79b62dc7a1928dd963d623de1154eb23b872a59b07fefefa79377f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
29e69fc7deb3bbb641880050681be713

SHA1
7c5856efc2ee74c20d4d827eed183614fd966646

SHA256
7aae95954402b1c99410862ec955f64e67b46c62cead81888142d9afd6d26105

SHA512
1b2597ed86f73468c972a35d2e2645d26de8d146774aaf1c74d599075623f356191bd6a487fa0f2ed9f2dffa1d77c06ff62b34c26654d742638d6313f50e5bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\624c9bd517fc9c91_0

Filesize
1KB

MD5
4703932479c140458794cc35e8e95e10

SHA1
92faa8fb3ed67fc4da4c1e85829e42d9d3a0da10

SHA256
b48a74f6bf9d42bfe1f9f3ad2600df0280617728ff55f936631fd99447cbdf9e

SHA512
a35299cbc66fc9c2d41086b1a045a39364da2c6a6df5e102fe14f4f45d6933275aa76ecd42be2fbf8c4708e6451fff73da650121ed2cf511b9b57534d7a5af25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
6KB

MD5
78ef1995074c5756e3ba4b1d47249601

SHA1
6c8e1fb93274ad3574ebd1d26ec68eb6a64e4cbb

SHA256
c560676d051ec5106857775212e25f2dd8257ea97b02160b958ffe04e8fffa36

SHA512
747a66baf2230b2fb73c7ae9f8f3ce5e59fa850c9b189015fa84689ceca1c487625d14294b1ba8fa458ef035651710355508a5002c543ff3e0883ef0e5df9d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
1ee440b851f6700d267299bc43a4f2f9

SHA1
56cd98224702651274a480ece764dbdfe7ea5966

SHA256
99d493e41324ac9ca719052f56c7535e9ba7fe6155d202f6bb6e62dc66179e65

SHA512
6b60e652778573aa105bdcac82cf037760179db79adaf4a97e8d5c29ca7d6603986afc78ce539f0904ebc0ac0c6cc8e0a804cfae533e6823d2cacca130c1e39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
dc81f74bd54aea4c75096480f78ef81e

SHA1
5cea25a1ce9e1f1b14115bcfb717ae8685d90fad

SHA256
bf9d1fcaaf10c3c2485a3d3d472f411d0fc5a6f4402a96d50ea41b3d600db520

SHA512
9bc496c77eb319652cc2e0fbc3c2bd7376d494a7976ff8a4e7da4ee89640e9204de97dfb671d8d21502981fe542d90b9e2e81d2449434f0b6b4d5168fca0143b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
f2fd397ccc53332d7d99037affa26450

SHA1
6e2abba6b95482ddbb17d3d5732bec5052d25052

SHA256
e927c21e55b975403d515cb80077403c41258124aa1599f1d28d3aba068daf9f

SHA512
3716b2220d7650b8c386cf8f5518db781bae04e84dae471fa1b94c923b417e891640b248c294231b990678dad3f2f1df2758e32a26c26d2a197a81507e65dfac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
7479fb4e86d7dbe7ae89c205d858296e

SHA1
b408c67f914e92528fa307737cf49258e6a152c4

SHA256
5d5d33bf918d89fbdbb0a733db744104b8070a69d3939a849be93c46b61c70a8

SHA512
86cf6d85987cabd434813558500187ed46fcc803673460237f6a03075614845d9cc8c61e88d47439b76f46a706ed961e44210bb58d1a560de82961647ce318a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9cb333f0437335d_0

Filesize
54KB

MD5
6d17f6fd8bb2be42a5759b277902583e

SHA1
2069db22ac74ed6bb3e90f58de2fe163032e04dc

SHA256
ffe799930e56b10f4f80bc11f4e837e4a335899c9aa736956d848a75d0a98bd4

SHA512
ff86c279fda96752e2013fdc87177c8c648705393581fb167c604ad43472f7c582c8496af945c241dfd5d3b0535c28c3ea1d10c577dd2e8ab9354741b383fec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdd8a4f7267aaf50_0

Filesize
2KB

MD5
20eb93b062fb952556a99b055d7f6a39

SHA1
3e622ab937f830d0978448506cbfacbd25302a1c

SHA256
dee215bec32ff77754ce0ed3666a68fc58e39e35680da717e7745200cfb1398d

SHA512
45b0e9acf98808c8ceb751f0db49e46c89ad51d0e3f48934473fd9c0441e8be47b7f34a9c296bcda8c50d8d800b950f5155bbe90c47f67a34f9a290f1cb44afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
c0faa612f3a42302658c081acd83f8d9

SHA1
5c00352e675843cf339f91c0f70a112720c141bf

SHA256
c7050c134a15250b5a1641f5cea004b240a60f1a919f0638240280743eb7089b

SHA512
cdfbbd629d97e8186046345ba47887c140e3e31486778f9c80d8d462025f03c7564ddef08f5ce366af62bcf2a0c107cc8c715a7e5e0a007cee4904c4de91ddd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6084cb9b14e42bc_0

Filesize
289KB

MD5
83c3ad063bc95829c7de61e9bbad2c6a

SHA1
64075dcbcc715c5c9882e60e5de24e9def94b9e1

SHA256
221ca39a8af51cddcd8caff19b969f25a649dd1907ac9f2a5dbce1000a45d5b2

SHA512
c9ac2cc5cee0e13b639cf955171129d3fce2f6897de020e2b0d45eb2e21780f317ed40c269afbeac9d858d016a87a129f111397c793cf55c3d8521d040ebe82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd309193553f2dbf_0

Filesize
22KB

MD5
4d4c018f709d1f071ab3b3f67078596a

SHA1
90f84aae0b2dc5d041fd641b3220572cafccd061

SHA256
a5c4af1ac3682eaa1e2b7930e2c2bf7a7484775ecba9df6e6958915e679d8a0a

SHA512
417a218351b7262072ed0d8ab7d6adda38a69dc1974b1f113a9fdbe81a6d06f377b40511fd338bf6496caf54323e92a6efb6f7bb0b442444fcac92b1b5fa1f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
3KB

MD5
a81a28dc844462b15c9f69d1b971bdd7

SHA1
e875e925ba2ae067f91ae5f0b6fa00056262b342

SHA256
d97d5cfbad8447c800da41535a21065ad3bad0f1c0a7a2063aa2139edd15a08d

SHA512
b81b17c3c312f6be1679040ee9873f9bf963eb89ffb8bf5103a9059d6aa61e692a4d334ea23580c4c98047697146e2e530433114bc1c1540512f7c8a2964d145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d23224e9406f7bb6_0

Filesize
294B

MD5
139ff80bbe4dfe723e4fce9528a6b218

SHA1
0901e07c7a5bb8797d9b679928341e8d5c324554

SHA256
b4bef9ed2f869fd2d6978b1b907c4603d8ae101ec6645a39fb9517339f50c717

SHA512
0d64414023ef9763e51e119ccc7f57b30458c552b463be0399dee5c8eb443ec1d1750a97730059487a0e7226ba8f5b1d7027a32a3769ac0457773aa1a572cc9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
7f858cf8d5969d72e157a2143d9fe3ea

SHA1
30d4d1a685849a507a81e06c539350f8b076c6f4

SHA256
c5a554fda474d1d31750795aeb946637c9845a3dc86909b8485c6ecae75d9f81

SHA512
2316532cc3dac18d496f24dca2c8ccf3ddc39719bf40fde96a6d1cde58f214447d0395f23d2462ebd18485f88a87752dd1e7eb70fbb64e88b49947363aaf885e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ded2abbba2b439aa_0

Filesize
74KB

MD5
d3f6fb627efeac4d3b904f5769f13c4e

SHA1
fceb51cb817452a3916010e79fceb279c1d5d66b

SHA256
f33d9c2f3936b5f960915d50dc8e170264e2a3294533e91dcca2a107fbc30d05

SHA512
7800674b9f48e40a8147b2b8a453cc78d81796c30f9f27077bc48f5ee98c6ad949f711774a0cdac44e73cd77d9cb3981df24a99e73fba9fd26164d3c2865c515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
d63394f6ac0756c0246805eeda8aca9e

SHA1
6a108677efe38d7a94c46b60ef85fca8935e14ff

SHA256
7eaacea6e5d3da3c8e79070eca99ccf36edb792987e0a430fc0056b635c3f864

SHA512
cacf1110c7e3b3be15d7b5c8e1809fb911dfd620dbc7a04dfe74a9f930586eee9f639be69d98fda5ca05d7c227bbfcb1286a92543831c3caf257b9310e52be9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
47KB

MD5
3a86b9585e58c514204df5813c41c744

SHA1
4941d9ed2b58ef091a9897c2f0240ff956633649

SHA256
c12aa941133eff3726da1e0e4d521cde58aeb0b0c7d6801a507dcd81c1ec3fd0

SHA512
9cd6368e01fe95fb9404bc814224e4e270a12d07a4dc0fa239cffa907135bc1fdab0985b5c98bd7eb47a2cccaabf824a8a08b58c82ef0a14e4a45da1754a3ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
14f6fac5241d7efe9494d346d78f8915

SHA1
213a8618a617239a125a015eac0a2206eb879889

SHA256
f295af821e998af172062c078ae8f75d33688a2d4abe167146e2ec74e9cc1f79

SHA512
6be3173e2222bd577eaf2d596ffe5f4422e61c1051ef8d0ca29068d3340a1fbbc98a03ce4c2724eab7256793c8ca5a2eada7415919f3efc8da0acdd3583ab5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f80903814b1d77d6_0

Filesize
175KB

MD5
a4a57ad1c88fb51b4684df5795f450f9

SHA1
de15df54cec4197109266172431067580371c2fe

SHA256
486726bcefd41da5ceaa1095111a350dd702eaf4b20ccc51cc6e61670b1562ea

SHA512
7dc2ef6115a7948400dc0b37606af7fc276d8cf8805823db533ea74e171236377dae56246b81d72aba475c32dda6eeb2d9d2b8ef4912299abd4c6d065f684613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
721b466861dfcc6fdaa88823dc6afea0

SHA1
cd905cbf657be15e74a701db32f4075e242bd91e

SHA256
2b07570f22a97dbc134f87b766be09d18a52ed31becd5d9e184f513628ec0c92

SHA512
70e5f0a3b113a6a3113a949280d731ad5ef4920d9c7a01edd8243ac349b2000569acf5418bf1f47e40e1a262a46ef3251c9685bde8c51ea8a5c3e2dc1cb5cad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
69cf5f847d38c98e5db0ee60f722cc14

SHA1
0a3dc189311041f3f04d11c3cbf809847ca96ec3

SHA256
685da4c38c9247d2c96e51753364881d3e74e7c33257ec56d924eaadcd38979a

SHA512
0368b6628bbdfa8894d613263947c9faebac54473681bbcdc4eada2caf4e98243fb15d0b7076f8382e35c40657518693dcfd4d3f045418622e29e82ba76e562c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
fc362e389be088d1a85629867ae8d20e

SHA1
e9f4969be47c10391d2f3b024fa29bbd8836ecdf

SHA256
d9d72c66eee5383ce4d43e51b844cf51871f4059e58fa01416fe6584ce9aeb80

SHA512
814958e875eb0e2385bc4ebc0c1d01fe80852659dc664befa37d51eeb04be1645cd99c5fc7c754d360ace7d6f04c95fc93e9e7d8faac08b3ec939440c1120cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b88f04c3e40ebc255c9fea59f08c6ea2

SHA1
f26292f2a2e8543ada503d88ba250d839b57396f

SHA256
e014b6288ecf74a8fdf86d0aabd19eebee086aaf3d7325937180a7efdfe7502d

SHA512
58d3824b86c2cec75232cd99c2af05ea2b1b9b1c800c012b594c0072af58e8fb50f682dfd9817f2b59495aeb7e58f1c007f8d7a04aad64afee383c8a5bd9e41d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
35225266fb2283f2f1fcfbb8ca05a18d

SHA1
e8432509519dc2a65d2767b40a6c070b964cc732

SHA256
e61175cd0b35e3b9cc1464372ec587974786fb4cf69bd9df338b718863fdd35c

SHA512
4bf3d4c79106ce960ed8db17ddea8cde3b33d930d5fac958b11ef00e40bbc07509613fa51fa8dab4399b5ff4f235c958cd555b11d5c5b98f2d55776260fe0166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a2fed697db4c5862c5bdc18043d259c5

SHA1
4fc6b4732964708039ea5b9f982760ffe4a61d94

SHA256
e0a635d8a1ca75cce50239504694719c7bd14328aa296ecd455dabf1ecb6b5e1

SHA512
426cf4964a7affbbf9b355a3f106c1cd29b85399e3f3f6eddc53ec12f8ee13080b6be8055ff9621e94defde81d21b6230b769df5083a9f308e0a66e8da8a7d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
96243400a770f83fe80cad265f13387d

SHA1
628dd7d5a111f44ab8d0cb2bbdd91be19dfeaf15

SHA256
3fca580fa5e76aaed83403253b6c2325cc9d951df0d86b4173b36e61359d6f96

SHA512
67abef3e374b05c69280b3dbf64a53d07fec5c4062c21a64f86dbf70ac5b8c3cbadcb9270a4076f13310c781a6b1f4204afe16581e4c224d0001ed8a3a614ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
06ace3513faec96a27852fb04ee49bfd

SHA1
dce4bacb22c36dfa794cff30c7963085fe3c3c40

SHA256
a4ec6ce613b779cb4e68031b4da9b0b44e363f1cc2df17bba880f6c47d6a5f5c

SHA512
955878cb73a591649c9cb2262fe0cbfa5976bafd857febd7737af1542eb9f31a8067cf0c862641a57bfab242c88948c11979a0556e3e7c856a6c301622cf1e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
545B

MD5
7b66a763fac931bfab89c91e16aab01d

SHA1
54255f1fa9940fbff845dd661b06f3366bdc3267

SHA256
dd3329b74f11bca0cd2ed593f0d1fa1d2ca3384e2b8a5608f8e796e2d8c7e2e4

SHA512
faf37202475c01cc663535c3ec7e44620010c71ac270cebcac5654ea22eb006e05b5b1ed706dba88b31de72b50129b7e01a8b887b6778a343e139923423de46a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
67141c4dff398d99d89da72b969c7693

SHA1
6c87d76a7b8c57ec1f5fc5d686eb5c3592fbc577

SHA256
807d8c44973ba38e830a6886301d60bfbc002de574a1cb9fa26abcb8ae0d12fd

SHA512
aa073d25da1eb88fadbc11f2918d8179212c02024cff92e9c2fe03cade28e8fb63aaa4fa5e2388137254c91a34b409cf5c355c1bb9308df63ce8775d2e217f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f30f09c1598806dddb910e351b2dcdc4

SHA1
bcff43216d8f9ba86eab38486bb6f337848126a5

SHA256
68f0148882e97d537526fcfc9456983ae9851304bc1bcf3df7a79e355493b870

SHA512
3bd5cb0217d975f7d267e55fbefcffb62f4a184a984af9c56894ae92188b1a3d47dbc8da5dc0f006afc1fa260e78080944af2d8d3b41b6c55f686f30aaa7844c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
23459ed8a4b1b5c964e401b89576750d

SHA1
85c4f80e64a0359337c0a4a02919f1609f149c18

SHA256
3e5cd816baaa269bfa31c33fd949f8473b58ffdf2c364dabb5d393aec80b027f

SHA512
a33b5f7e178b84af25452bceddf6c139c19c9ef3ba336669699927c65e37fd1a6846fb956eb0c208804691d839a4b1454a03187c19b5bbde2cd1118c381896d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
97f0c170c5585c53a47248fc2ed6069f

SHA1
5874c075f8dcb07e682a60f4e7b1401c962f0491

SHA256
e0835ffeb0128be98d5d6c05c464571c8657abeac867618fbc7b11a67bde0fab

SHA512
5bb38923bb485e73ae1601454bfabb7d36ad47968b6cd8fff89c586d6e39d809065a5392570454b297385de47ea177bb0ebdb8b2ea80e20dd30ad054d15e4121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d16238863c4da1a6e10707296d2da026

SHA1
91103542307910ee2f1c553e39b041c95158c5f9

SHA256
cc3b96de5002cc3a888f9d7c1ebe07b0525cc680803d6d5136b5002e93a7d2f4

SHA512
4ac40c9b9f3505096b4b085ac67d6b005c5d895d4736b03a272ebd1f88faf65dbce172b0189f88f73f9e18117d4e067e687111a1b6de1cc6b03de7cbaca446f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7f510ccd5128623d0e9a7805435d8702

SHA1
d82d1e2e50c1bd0d4cb552237d1f7730abdd97c3

SHA256
15d2b5f6654ffbb092d17808fe671f26d1d359609c50078b6435565f9c7cf429

SHA512
4473520faf7b617eb0bda79f302c87719481769c6734e2ad2fd7d881a1893f35b460685cd60195bdc280d7420a39ebc02ca90d40da0166cc2015464c2745817f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0678195f71624fea565ac5e28177790

SHA1
d342704e86ca33fed123082e444ab6c66a71d3af

SHA256
d4d9b2316ac9dbfa1df1f9bbe2b9746b698b1f031ceb407c4acd8f132070e498

SHA512
aacf19c78e11bbf102f4e09864db3b21922583b84b129a34b75deb0dd0098d6bcd3cda1711e3f3208642adbebf81121e89e29296493e711eb33491074d2df4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5cb723bf904e688cff4d5fa1522a96c4

SHA1
902dbcbc337d3787482267befa3205db69b977dd

SHA256
3520f2d0e528320c4e52597b2ae4dfa906f37214f21f5264f0dbadaf3ad45ffb

SHA512
3b09322e0a5c9a0d0131f4942f5855e9a3ed856ef668471d274c2b1892df585f21f186f87ecbd1a7c724848a95c7d3f0d331440ea779aad678bafdff6c5acbc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
205b1e706ce369fab674679c0a714646

SHA1
9e4471108d911b50959df7d063e1c1045c78d861

SHA256
d99e2266c99f7f2c14eff0e928f6d0490d147f1a6d49c2f61878134543d3de39

SHA512
64a0d220f25199459f99cbf98268d24b072b890ab7c8757e53e4f96babdcf31ec1d6075daedbc531712eb3b7019458f262c32c7ce1a2113e8c6b2041f39c266c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fa1aa05edbce50e1f94b7fabe084fe7e

SHA1
6a426b09418894acea841e4ebadd9cf287eb2784

SHA256
d9958b038b290f396bb2035d563d909b85292b2601b3d7271c55db21e58d1e3f

SHA512
f134ee3dcfc776072b55978fd967af5800d31a1e297476dc28bde9e2160178188e80e26248defb4233bc3eb6ed33f8042ea29a626d7f2a5aed7753f00f7b229f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5685cf606ed61034bf478484c256ba7a

SHA1
e149b0c8e2492a2306cc6d9b646c9f75972a2298

SHA256
b95c140fc120ab7d26d8a4f8f59bd88ae6dfe42aa55ba3aca1cf5f2542c74ac4

SHA512
da3fe406c0ed4dc49112f25ba5a03e4c60e70ad15a4c07d6b960fbc1b3f831bf3d421992c0c90db3350d9e69039fc8f87af1fd04836f72bd2b20412b46249eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
66ad559b636ccfb6ea0583ce48c5b2fe

SHA1
a26c98aab028f18b46ae76fd6af0f774b3e12775

SHA256
fc6b5ca38b0184a830387b3573fecc85e3cbf01602ba26545474ce721ece71e9

SHA512
b6756571da87b0f66c798ba4098619f5623f44b398d24a5e17c8bfbf148106f2829d0c9878e0fdc203771d5c350893b97d5431f8586a5f43af1db81cac032d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
80c8198da1aa197439a1a49a1217f7a6

SHA1
1f024b4b756dfce47604ab873e4425ac0ea93e39

SHA256
fa0cc71ef76761927a0c1de89eceaa9b103814be0d88a9d9777a2f93f00ecb90

SHA512
ef586ce4f93d409459168aef5f8feadef02f0b400d5b01eeab18e709f2300ab0e9f02aef3f72a8793f1c6e50cc14e6f559861f9e30b1e7389b79e5c0907ad29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d9267153cb1208ca56db449984f834cd

SHA1
3b91cc22a1655adf7595a2a8091e937fd67d8266

SHA256
6fdc2e3d66d446567527636be917d73c3f5715cb3ddf34b3cd62f4dfde6d3dfd

SHA512
d7c057774f9fcaa972410736c61090ecf52d419a5583f4820137ed99c64dfc3e8a75e4a25c9b91cceb82d867202abe5b9fdba6215c600ec20cae32a1b514b281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d3ba7a2dc71848face6ef6d11191593b

SHA1
7e30886d99c04c925e3c7133687037ea03e4ab4c

SHA256
485ee51231ada6c6411b49a06dd36c4dc14c285dd9a056804521f2e5dd19b182

SHA512
f249fcc885a510395a64543075800fbe5e82e9cac8411767561104271ecf66cdbfc808cfc27aa0dcd56b2fc8c8b20f625657bd068b16fd10c40bbb2cad9f8ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de55f5829e350023263881d66ae637a3

SHA1
686ac58fae73f6298731a0ce904d35701b1bfd2c

SHA256
324771fc0c45dd871a1c3211f84db7676ab90b7d95ebfc6090b9a104b3afd47e

SHA512
3fab53a6f60d2b8a10e69d717abc2cb4b081fd341d6f0353b931251c632dbd04c0a3f2318239f229a2e63f3e5a993799d86027571c889bc0642913500f4cbc57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f7257ed0c0cd506d3c78d622608a62bc

SHA1
54f1d0c23a698f266ee0bac46f3e26e36814e928

SHA256
7e99f000279cb168992ae3914796fd81c4a9f38d5e993a0a75258f2e9fed43d2

SHA512
65f58d75c3d725a51d46a28c6cdd46e06c57f38dee6ce101ffb91edd21f4a94036728ff029cdc8d2afd7c39748308346c47e0e7559bf92b4efd5966b7013eada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c5eff457bb1a0552ed467e33b62c02ee

SHA1
7989080e1d6fac403d54919ffc0303b7676cbbdb

SHA256
455ee2dd15693779919cb9d09fea72997268af4f909eab63259299ea2f36b2d6

SHA512
62f377d31be7fb7589088032cc1b61f1ec0dc576fd5fd24379f464d4f7c4e38e01f7f6098a32d43fb721299c874189b0149905e3e55b9c3147048acb697027ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4afc87d9bd5ce6ab134b3d9f7b8ed0b3

SHA1
9d7beeaa7ab69c0533d3f3becdcbc3cbc655a753

SHA256
9021be0b573bf6f677b6481ee4771813102ffe0d954bb90f34bb233e837c4cd7

SHA512
e8935719a3892a6f7c4f87e3be503af377b44d551ecb90d9100d15a3da89d9fb1cff292f1a50619cc225f2af71f5fd09edccd9845e8ed95cf309681a0bd74bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
59f025bd3755b9593884eef67ef3dc5b

SHA1
029513972dc5c2fc8970d867a73e9607d5ea632f

SHA256
ddaca6b36da2cd8d1b4b05e3d1b59628de527b00667a9e61432e9517364d80ce

SHA512
9301019aac93cf7841ad2610b711229aa4d2fad0630b3386c93c5db5a7bf5bba4ee46c82af25c963d9a48f902c79b419b76bb01514cd0d6622ce930594675c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3982039b2c3e1ad9ac35055a1729929d

SHA1
1495271dab18327b7916e8c6466239070768c799

SHA256
4ff6338a52fc30e2d7ceb70e53768e8a6d6bd182e926e0cae2e701515772be61

SHA512
19d8d21c5ffadaa6ae99072bf532e80eab9f0458bf37b66e2a70d84833ee4c79e6764f2f5f49af1c9f547b2fa905c97b4d556129f57693802c27c1673514d729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b695ae447a4af5e9cf5cdef885580be9

SHA1
18846d1b8a133400cd67f16bacbba99c94b41443

SHA256
a80c191668f53b6754660ebcf909ab46def586810847d596fc64396c8ff660fc

SHA512
629dc9872f7a72da54bda0bfedfb40bfac11c4d6e436b713ad79f9998af67211b7e76303d0529074379bdd1b119013a7bfaa584d8e469c0d7e2f2013f350c5c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
83d447076456029de30f77a578448026

SHA1
1b0b693dbe96a3aef040fce672ba9f986d7874c3

SHA256
ae800b2927f6b7f6b1db5b5387e098b3501682a659885dc52ae25dc820438f1b

SHA512
5db6cc8f1307b9450bcd343cca36b521c13450271ba59b85437d7cad6ec2fe0463703eec29d19c31ceb0bc3184e711a25a4667e8350b3661888a30a7c74b4f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe592ef6.TMP

Filesize
48B

MD5
6379238775d68334d53fea38df24d1dc

SHA1
6b48316813522a20e8eb76e5d71284ecd2fec011

SHA256
ce9e10d3fab87517aa3fb5f6426fb0be2347f0af738b7cd17d9c5f7ed5113b10

SHA512
b98fb51390418fc1583d7cb2b061503b1bc9d3755e5388e6974e2a57ce5a87bc36c60e73a7695bd226ec4eb32832dbfad8e18d2cc0326f8d735176dd6413eccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9be8c6352cc43051596a50bcedb5dd8a

SHA1
8b1a5c8339312e970a37fd4f32302b81ed395bdf

SHA256
666b0c44d88b81d0f2d1ff3586a6e20ef0ee0421d9af95191a8cd3f3c1203c64

SHA512
2bbf4c808f5758d0a00fb95d71e57693fa2f209a24c3671bfc28ae69dc758ad7740369c324c5913ce3e6bd0823f067802634c698ef9e594a90ab6a4e594afb86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e25289e995eaa9a0a62aad0f17d263e5

SHA1
a15ad9c4f1def488f0bfba9d1da0b36b49af7009

SHA256
08169ca8a0d5d6bb26d1ec8555c5501ab6f87785a11560fb6ecfe8799d42ac70

SHA512
374cea4563978af08e63537f44c9ee5b0ec748d85075ef80f66ff2030338877d5c4d95fc5170fc8d7373eb078f69439dcfffe657bedd0f2fcfa5c210dd71867d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d0db6dfbc7e0e85865a2300cb386042

SHA1
82915a060a764828fe3b6600c2f22d7fd0a3b4f9

SHA256
dc32c9b8e59776a6d234e7cd9729caf8954c87b8f98b2e5c9548664842137968

SHA512
a10c3b8347f80a9c92fa76b93eb7c4fb9337cbf06f19eee0b4d7e14f8939f9a72f073d5627ac63b9604849dc0ba6217758c0fa3680acffa9b3d043574ff57753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
82a0b2d1d1df36378acdf846a43bef7c

SHA1
cc5ac506f9385ceee9bb09d89ddf4c66d8265531

SHA256
1200dd911dcea45796e9ea19ba745aafe5e2710f507369277fe48a21027e13e3

SHA512
e81503f050a76996a19c6891e0f0d3a80659b66b64d14e8d944552924180423c37205865f75b5604dc15fa6bf9e2c27fad1b8acfdcc99b6a8f908ef472cefe4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4383e32093d3bc6f59f44feb1307a68f

SHA1
788a8730d22fb87331be9fb202a0144eb22d8e99

SHA256
bf523162f645bf754b3a51a0c8a02c4f535cfdd52f3a371559da15ee09c996dc

SHA512
2cba349aa86f622dd5b6fc6e743d97047507992f8502fee306b7731e47e1de569531718e671a90b0c71fa9d6cc551b2d9590c36bc5e56fb345b9a7bef3980ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46cf6535e31a8ab626a7e21c94c44ff9

SHA1
626b976950d78e11d047fb66ed59d6f5b13dd679

SHA256
3c8e9ddf92f0c11f9b4f78adf1c66731cfb544ec023bf7b903a779d960ac6f71

SHA512
84cf3b58cfe5f3302b649768e22287c9041911f2e4b7b5489722fcc1f219ef796444dd0665075a09f5ed4c17e4aa46af96e112a60a716d7acf5d2da75d9a9a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
549342a853a026fa65828104549610ba

SHA1
0e41f05bc3ba3919dab8ae7e88bb1a2dfcfb1fca

SHA256
b87f61528877b727767b3d01a94380efb39682bfd349ef828e822d1eb7c43cc7

SHA512
f913104048bda3360c915c32f7ba35b074883b1e704888a1d255b92f316ebe96f078add779181a602cb6ab96b41c395f9f113bc0f466f9df9b1e356eca344b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
530ec2d89b09983f911662e775fffa34

SHA1
7ec0ee6edcc38fcae5cde5a05e822e20c3e69831

SHA256
bc477885c0fb9ad80b32b6c93d1e704440a658a3a0d38c468b66c41258c1907b

SHA512
79a8d856ab4364651ad0622c929606590a316eef7f5561370212712f52ff7bb8e0d5b18a2108defedf580f525e635fc22d4e54faad576b7f1cb970cf3e87010f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b3561a08f03aff92e6f53995014d5448

SHA1
77b6bfba34432d32779960f1a7897ba57b28dba2

SHA256
9070835fc2265dca81eb38e5bf0a02ec3a706a595ec95dd8e5e60b1a2f279aeb

SHA512
1604b91dbcdcd8144aac1f7d072ae983a7dbcccb3c5810d487e5a0341df35ed012852d5a04807029c868a815b438663231cfe984560c7f88c711a8f0be74d860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
ff69f5fc2e733b7fc67bd6f40123c2cf

SHA1
3a8b074cd89edfe0b00325ef226de0f4f24ed6ed

SHA256
a6b0fad5f88d7a5f5d949d4d52834f4beb885aad695f5dfe743729a5c2ccdf9c

SHA512
d8c67fbaf931c8e10533a273c6799e9c52b1894ba12558ef90761938a67a9c10cc09e5bafb039f92df34f29fa584268f94ded04431aa7eb85de00c2451bbd7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f51ddcef1477b90f08ee6d3e5e0d8e63

SHA1
2711939b420493d3765dfc4ed70cd8af73d490a5

SHA256
c89b2aeccb236068feae7179c89e5f2ae6aed7320610ade03e21c19cbccc04a1

SHA512
b38db489fb74c614eec8b6991c3380dfbfb27b07dda56460c9f5ee13c49224cf3a8f6f928d6a27a476f456f060ad816d2e2fdd94f81a82a875e109c9f0b4ea91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9ace1d0a1b870c32ffe41330c5224bb

SHA1
2534a1f4903eabe9986c180fb245e4da3b6c972c

SHA256
be748a93d1f82615ccd10f35da544042b55da65e03b606dfe6d98fe65f4e2be3

SHA512
e6b006802c97baf52dc5691720e04d3e3e7280701953ab652024534cc7102ad86d7643d0daf3719e1ea4110bcf742b73729c29b867f2ee044edb185679300f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fce14969cc1ca278933689b5f91f20e

SHA1
2ed51a155f385340df8afebfbe3c6325c090dce7

SHA256
cc6b0b92a63c1c1effcb66ea528b542e3276dd4fcc7669ef27c8291df985aedc

SHA512
5bf49eb83080a8f88e1546e81caa4f2508a80c54624aad88a6f9ecbfc23ca9b3738aea0b16a275e1f0716daa1ab2993b3d1986c2718c15f0ad8216161bcdee93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c43235674d29b0e5bd038c1d385867f

SHA1
e32640c8596b55f90d5cdeb4a5d83b5f6fa0f881

SHA256
ae35d15acbeb254303eeac9695f24d8dc5a08f10054d2d0aa52279bc65814785

SHA512
70c77a178681ab73a4b0464af9f4e30a1f68b19d0689f7f0fbd0e099b01b9eb9ab60fa05eaef80b1a47a099a8661463a34a35c39b321bc730ff3aa3742cf0396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
253f72a5b6b2aa072badbdba0df97df6

SHA1
13ba7c35a420d8a4270f7fdb2369368271af8c68

SHA256
65e63a0f8c915c369e6d5f8303cae807e2c4f2b622a497007670b775396f5091

SHA512
da4f0352e646af1a98697eb8cde246e954d6b812bfa2aa1425b6423a9c1132dab77902e866f6eec082d5f85ac823b12dc122ba2c12e20adf84b1bc0f15016d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2215fa0fc37d51f066800d7a1c91c856

SHA1
e34e809572493fbc86ec1514fe005c51f6978206

SHA256
5f6d98b54a103080c92308c02f35d6c055218eef27cddb7284515c33bc01c5ae

SHA512
1fb6f536ca3926dd15982061e6b88e12872c21ebc98c69d306b459295eb4f4827fcb8b03023b6b5de3f10a645dc222bc206edba39ebab9ed05923f7600f99b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d1c34525bb402a0b3be97fdceb02350

SHA1
755446ca5d290641631c6ca93717d7b54d3811d0

SHA256
3ac16420018f40ae0999121c0884ce6f8ad8f7025cce69d5a4767cb419242ba3

SHA512
9edd24db7a693e791864db03aa552101e7b48663ebbc59b9d3184d3b20b6220e6132f67c0d83503c6900c7fd1b4d0d77fb6148968e54fa93bf53fc8e46f6a09f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
80a39473a4c60e87473bac723745f539

SHA1
174e78b65aac9bf1a74f34093e0b0ef6567942db

SHA256
d5615db876bfb0c222c4d7161af36de3f1df9b47d4083295d2780709ce7e364f

SHA512
72f6a3179cbcd6b0caa978f7627bc9a33c7dd947939d653752cbf71f44525c5b5519ca65a4e6fc76b3d9fee2afb7c8520f0806fcb8af185de2708a8188af2235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58213f.TMP

Filesize
536B

MD5
29a04a062213cf307317e1aecbbb335c

SHA1
3dd643c2491aca93d8d31137b6f675b5e0d81237

SHA256
1ae56502288daaf82de36772738bf87e29d3eb7925979766cd16f961f66a413b

SHA512
a1626bad6262bea432deb4c329ce23921db8ca8934f3fee1a048c1c2826b216857ab0c4a6b290a7828d0048146117b0f215c453e6a2a05abfb03b66e904e49c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bf353e7e-2284-4375-9b83-bd89c55c2650.tmp

Filesize
2KB

MD5
2c4c88211157df96c2d785d07eb12c03

SHA1
d8f9fafece17a8038a9804eb9922fbc60a139743

SHA256
b23c47e6f492cfb4e03009b3d2acdb46c2e736b507c984ccce215db264f56465

SHA512
54ff99967e4d0220daa8704202527e7dda0240d3483fd5a236d1ead2677f54822050422288d03c67f5b30284fba348185d2f344a09beedc9827a63cbed54bafc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07a1ded1192c632808858972f267db89

SHA1
1239ae7483e7faed47b7e13cb5ae3df85588d726

SHA256
d39d71687272efe6ba9afe2d9d39a477c21af4bdc110d4f8f73eb0933b34dbe9

SHA512
09729f60caa13721302cae7cc78643bf77c44cf349e4c9b507162d4a935a66752ef34d4abd1c17014137b608ed42acb89edd737426810616f1279f3357ec303f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09fc9fc3b8dfb900d3f655b40a99fdfe

SHA1
1e7d145580e50e380e659863c7ea93785acad82a

SHA256
453d423e18470345dd63a4fe2f0e0e4cedd28d4b4a02cca9a1bc3951ea6b8a0d

SHA512
957aad5c22f17ff5b44fd4fd5f8299b1ded4256ef7492220fcb6c25b7ab17a58f94f7247f936c910298258108dcdc35289ab4183f6a49d6c0f5af795de552ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
701b745b1d391230fc91cb6e8ba759f8

SHA1
e8e5d5f25f3b241341889b501cbc5c83e4436ab8

SHA256
7549478d2865f751189fe83d966ff4cba429a5dcb9fe83c4e2b0d18eb011af94

SHA512
5634e7b2622ef07ef9685b47f1522a143a09ae734810911c679ab938a7b8de21cb754e02cae629fa32c149a0cb71cda189639e24b93409c07758bc4bd8bcd2cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6cd58bfcef8a3049515e02e257efe485

SHA1
b2dff76a08136442a68b2c0f08a54a2044c08100

SHA256
a05718ff74712d8d85928a00dfcd4d1b3f1d8249aa4d7d20e1effcdda4714c92

SHA512
58f864f4bd042b3c8e78f7cb7badee822796f7357f0cd7d38bc86a8c1a7e48db0711e887882827279478fa320dcfd7b1caa17c82d24a2d78118e9650b6cdb0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
850044acd7a77d7721578f8fadebf26d

SHA1
378807e857d13ac6021a647795c9b24692f00178

SHA256
306d0dff7ca6c1ae643b5c32e82c441e0396b700b2b10ab42cd8510a4434c365

SHA512
6dc7830ed552785148b2793e643300ec9787414ca9612224409e23f6e7f028c4f470f38a117611bcb79b75172a9be2e96bfaa0b07218afa975907f497bc9276f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cdd164bbfa74f340701b6cf79f552782

SHA1
67f2e6d43e1fc70b620072945c29c41056ffcbd0

SHA256
c35deba77868a0d2395b0bc239d0e4854bc7ae6ae860edb143e4057c1cd7f501

SHA512
0cdf055bc18a8eb85ab10aca4f4da089f7775a850a59a8148e661b162bf046f6e83983ccb326a42bd0f8bd70c7222d72b02b1364c078351ffcd15c3666f27977

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\c.wnry

Filesize
780B

MD5
8124a611153cd3aceb85a7ac58eaa25d

SHA1
c1d5cd8774261d810dca9b6a8e478d01cd4995d6

SHA256
0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

SHA512
b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
76199f6fadd322044f82227985fc2cc9

SHA1
fa5e44508d8766f794a5a89e2e042b2479064495

SHA256
0b2b25aeed0f5516cef345d81c889cb5c5ba475e2160603fe687db032761ab65

SHA512
2e7a764bbc09b7f36d2d558f220852de4dcc0eb2e8826a2b73d68b2bf40fcad91fa1ab15723cd20861bb6bd5dbaff6b3d331d0743d7a34c348270da60dc48eaa

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
8.7MB

MD5
79257cb089e65ce8e756c4e86e4f320e

SHA1
2caaa21348abdb444e3c536a562840f925685701

SHA256
e75e115ea22449d63d1c841bb0d16ab6d0196b9e405c4d4fdc7814e0a57c8982

SHA512
f7fef581386778078adc489f60ad82d6b0b33c2364d2f6952eadb7c88ba8a54cfe721cc6d8a81aa4d5bcf8a145cc09ae6595a725c54dfaddf708936d850c2182

Download Submit
C:\Users\Admin\Downloads\Bonzify-master.zip

Filesize
3KB

MD5
512066537f528631b41638ed25891d6b

SHA1
c640b7acd1ade524d4351052eb400881f2f8dff6

SHA256
bbcce67b9de792a506cf0228321d4a4e02d0cee128d3085dd7f7e7f989c45850

SHA512
d02ef9cf4b92cff6cb758d77179e6d2d1bdb5901fecbad7110e2394219d63cecdf2aee51d39b684fbe37fbf52048bbf35ef8a04cad6a9ac4ec01092eab9ef8ba

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 674559.crdownload

Filesize
357B

MD5
cfa27e8812e0a903b24bf565ddd47ef2

SHA1
3a68a14becaa4e3604d4e1b6c2e7cb8640b26295

SHA256
9ad2c0a8bd41e1b5a4a1f67584b6438ece8cc57aa145fa0d1c19d1eebd2cd8bb

SHA512
56910085163e8368507129910f081d1944456d50822a1e5e1a3450da0af18231604e278308bb5aadef77b22e29b620bf76212e398e6037a998ac24263eef76d3

Download Submit
C:\Users\Admin\Downloads\WannaCry.zip

Filesize
3.3MB

MD5
05098733b42aa547546b3fd7d4eb95d7

SHA1
e756989fb205516b665610ea25f9e897295ad792

SHA256
c0d0291ed579c974d771ecf6d255fc21122301868e40dce5c09fc67479a488d1

SHA512
3730d6c96050c6480ddebf3c92549c7135c67b2058ec8ee88c9d7f1fd6eb606918ed25f4db9fbb111930707aff7b96db906ef301a4e8674cb9a321cde129b97f

Download Submit
C:\Users\Admin\Downloads\WannaCry\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Downloads\WannaCry\t.wnry

Filesize
64KB

MD5
5dcaac857e695a65f5c3ef1441a73a8f

SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

Download Submit
memory/1968-2421-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2720-4145-0x0000000073620000-0x000000007383C000-memory.dmp

Filesize
2.1MB

Download
memory/2720-3891-0x0000000073920000-0x00000000739A2000-memory.dmp

Filesize
520KB

Download
memory/2720-3893-0x0000000073840000-0x00000000738C2000-memory.dmp

Filesize
520KB

Download
memory/2720-3894-0x00000000738D0000-0x00000000738F2000-memory.dmp

Filesize
136KB

Download
memory/2720-3892-0x0000000073620000-0x000000007383C000-memory.dmp

Filesize
2.1MB

Download
memory/2720-3895-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/2720-3955-0x0000000073620000-0x000000007383C000-memory.dmp

Filesize
2.1MB

Download
memory/2720-3956-0x00000000735A0000-0x0000000073617000-memory.dmp

Filesize
476KB

Download
memory/2720-3954-0x0000000073840000-0x00000000738C2000-memory.dmp

Filesize
520KB

Download
memory/2720-3953-0x00000000738D0000-0x00000000738F2000-memory.dmp

Filesize
136KB

Download
memory/2720-4242-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/2720-3952-0x0000000073900000-0x000000007391C000-memory.dmp

Filesize
112KB

Download
memory/2720-4140-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/2720-4079-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/2720-4042-0x0000000073620000-0x000000007383C000-memory.dmp

Filesize
2.1MB

Download
memory/2720-4037-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/2720-4018-0x0000000073620000-0x000000007383C000-memory.dmp

Filesize
2.1MB

Download
memory/2720-4013-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/2720-4001-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/2720-3951-0x0000000073920000-0x00000000739A2000-memory.dmp

Filesize
520KB

Download
memory/2720-3950-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download