Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://youtube.com

windows11-21h2-x64

10

Analysis

  • max time kernel
    899s
  • max time network
    900s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250314-en
  • resource tags

    arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    17/03/2025, 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://youtube.com

Score
10/10
badrabbitmimikatzwannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

  • BadRabbit

    Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    ransomwarebadrabbit
  • Badrabbit family
    badrabbit
  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • Mimikatz family
    mimikatz
  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Wannacry family
    wannacry
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • Blocklisted process makes network request 25 IoCs
  • Drops startup file 2 IoCs
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 9 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
    defense_evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Drops file in Windows directory 41 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 6 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • NTFS ADS 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 50 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 30 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 2 IoCs
    defense_evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://youtube.com
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b8,0x7ffabcf3f208,0x7ffabcf3f214,0x7ffabcf3f220
      2⤵
        PID:2876
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1824,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:11
        2⤵
          PID:4880
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2156,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=1884 /prefetch:2
          2⤵
            PID:4888
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2532,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:13
            2⤵
              PID:4848
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3380,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=3428 /prefetch:1
              2⤵
                PID:2376
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3408,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:1
                2⤵
                  PID:5076
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4844,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1
                  2⤵
                    PID:3088
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4064,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:1
                    2⤵
                      PID:4044
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3664,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=3688 /prefetch:12
                      2⤵
                        PID:3820
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4672,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=3432 /prefetch:14
                        2⤵
                        • Modifies registry class
                        PID:6132
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5264,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:14
                        2⤵
                          PID:3176
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3692,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:14
                          2⤵
                            PID:492
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:14
                            2⤵
                              PID:6016
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3660,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:14
                              2⤵
                                PID:3268
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:14
                                2⤵
                                  PID:5920
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6620,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:14
                                  2⤵
                                    PID:5556
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                                      cookie_exporter.exe --cookie-json=1132
                                      3⤵
                                        PID:5036
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6636,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:14
                                      2⤵
                                        PID:4232
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6636,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:14
                                        2⤵
                                          PID:236
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7120,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:1
                                          2⤵
                                            PID:3524
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=4864,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:1
                                            2⤵
                                              PID:5312
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6736,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7112 /prefetch:1
                                              2⤵
                                                PID:2372
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=4904,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:1
                                                2⤵
                                                  PID:5652
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=3460,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:1
                                                  2⤵
                                                    PID:5044
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7580,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7624 /prefetch:14
                                                    2⤵
                                                      PID:5540
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7612,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:14
                                                      2⤵
                                                        PID:4968
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7604,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7432 /prefetch:14
                                                        2⤵
                                                          PID:1092
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7020,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7668 /prefetch:1
                                                          2⤵
                                                            PID:5776
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5680,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:14
                                                            2⤵
                                                              PID:4424
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7436,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:14
                                                              2⤵
                                                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                              • NTFS ADS
                                                              PID:712
                                                            • C:\Users\Admin\Downloads\BadRabbit.exe
                                                              "C:\Users\Admin\Downloads\BadRabbit.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              • Drops file in Windows directory
                                                              PID:5456
                                                              • C:\Windows\SysWOW64\rundll32.exe
                                                                C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
                                                                3⤵
                                                                • Blocklisted process makes network request
                                                                • Loads dropped DLL
                                                                • Drops file in Windows directory
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:3712
                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                  /c schtasks /Delete /F /TN rhaegal
                                                                  4⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:5520
                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                    schtasks /Delete /F /TN rhaegal
                                                                    5⤵
                                                                      PID:5356
                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                    /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 817992814 && exit"
                                                                    4⤵
                                                                      PID:1124
                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                        schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 817992814 && exit"
                                                                        5⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Scheduled Task/Job: Scheduled Task
                                                                        PID:5200
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 15:06:00
                                                                      4⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:2264
                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                        schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 15:06:00
                                                                        5⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Scheduled Task/Job: Scheduled Task
                                                                        PID:700
                                                                    • C:\Windows\406F.tmp
                                                                      "C:\Windows\406F.tmp" \\.\pipe\{435B90BD-1F87-49B4-A754-E25599C00915}
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:2108
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8640,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=8832 /prefetch:14
                                                                  2⤵
                                                                    PID:3032
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6524,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:14
                                                                    2⤵
                                                                      PID:4936
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2068,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:14
                                                                      2⤵
                                                                        PID:4804
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4948,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:14
                                                                        2⤵
                                                                          PID:124
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6784,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=8796 /prefetch:1
                                                                          2⤵
                                                                            PID:5532
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7272,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=6796 /prefetch:10
                                                                            2⤵
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:6032
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6480,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:14
                                                                            2⤵
                                                                              PID:968
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=6484,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:1
                                                                              2⤵
                                                                                PID:5208
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=3708,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:1
                                                                                2⤵
                                                                                  PID:5148
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=8348,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:1
                                                                                  2⤵
                                                                                    PID:3196
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7060,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=8624 /prefetch:14
                                                                                    2⤵
                                                                                    • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                    • NTFS ADS
                                                                                    PID:3580
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4764,i,2076589555968519919,5899396011787430385,262144 --variations-seed-version --mojo-platform-channel-handle=7236 /prefetch:14
                                                                                    2⤵
                                                                                      PID:5384
                                                                                    • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                      "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                      2⤵
                                                                                      • Drops startup file
                                                                                      • Executes dropped EXE
                                                                                      • Sets desktop wallpaper using registry
                                                                                      PID:2068
                                                                                      • C:\Windows\SysWOW64\attrib.exe
                                                                                        attrib +h .
                                                                                        3⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Views/modifies file attributes
                                                                                        PID:712
                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                        icacls . /grant Everyone:F /T /C /Q
                                                                                        3⤵
                                                                                        • Modifies file permissions
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5588
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:4388
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /c 251741742223033.bat
                                                                                        3⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1560
                                                                                        • C:\Windows\SysWOW64\cscript.exe
                                                                                          cscript.exe //nologo m.vbs
                                                                                          4⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:1504
                                                                                      • C:\Windows\SysWOW64\attrib.exe
                                                                                        attrib +h +s F:\$RECYCLE
                                                                                        3⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Views/modifies file attributes
                                                                                        PID:1660
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected] co
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:3488
                                                                                        • C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
                                                                                          TaskData\Tor\taskhsvc.exe
                                                                                          4⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:5448
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        cmd.exe /c start /b @[email protected] vs
                                                                                        3⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1452
                                                                                        • C:\Users\Admin\Downloads\@[email protected]
                                                                                          @[email protected] vs
                                                                                          4⤵
                                                                                          • Executes dropped EXE
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                          PID:2392
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                                            5⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:5928
                                                                                            • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                              wmic shadowcopy delete
                                                                                              6⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:1960
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:5600
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:2080
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • Sets desktop wallpaper using registry
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:5932
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "ozxkuzanekhexu426" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
                                                                                        3⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:6016
                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                          reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "ozxkuzanekhexu426" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
                                                                                          4⤵
                                                                                          • Adds Run key to start application
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Modifies registry key
                                                                                          PID:4932
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5344
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:5248
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:4620
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:5852
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:5644
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:5612
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:6120
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5424
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:2780
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:2104
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5976
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5360
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:5200
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5356
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:4824
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:412
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:6124
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:5064
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:3960
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:3816
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:2092
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5312
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1104
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:3192
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5572
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1080
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:3204
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:1436
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:5344
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:2372
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:3492
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:8
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:3352
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:2052
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1264
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:2512
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:5004
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:3152
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:4432
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:1876
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1456
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:6124
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:752
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:2204
                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                        @[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:1100
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:4680
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:72
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5312
                                                                                      • C:\Users\Admin\Downloads\taskse.exe
                                                                                        taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                        3⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1232
                                                                                      • C:\Users\Admin\Downloads\taskdl.exe
                                                                                        taskdl.exe
                                                                                        3⤵
                                                                                          PID:3176
                                                                                        • C:\Users\Admin\Downloads\taskse.exe
                                                                                          taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                          3⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:1384
                                                                                        • C:\Users\Admin\Downloads\taskdl.exe
                                                                                          taskdl.exe
                                                                                          3⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:2036
                                                                                        • C:\Users\Admin\Downloads\taskse.exe
                                                                                          taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                          3⤵
                                                                                            PID:2812
                                                                                          • C:\Users\Admin\Downloads\taskdl.exe
                                                                                            taskdl.exe
                                                                                            3⤵
                                                                                              PID:5940
                                                                                            • C:\Users\Admin\Downloads\taskse.exe
                                                                                              taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                              3⤵
                                                                                                PID:5888
                                                                                              • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                taskdl.exe
                                                                                                3⤵
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                PID:5792
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                                                                                              2⤵
                                                                                              • Drops file in Windows directory
                                                                                              • Enumerates system info in registry
                                                                                              • Modifies data under HKEY_USERS
                                                                                              • Modifies registry class
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                              PID:3432
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2ac,0x7ffabcf3f208,0x7ffabcf3f214,0x7ffabcf3f220
                                                                                                3⤵
                                                                                                  PID:2448
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2148,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:2
                                                                                                  3⤵
                                                                                                    PID:1312
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=2420 /prefetch:11
                                                                                                    3⤵
                                                                                                      PID:4984
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2160,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:13
                                                                                                      3⤵
                                                                                                        PID:5372
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4412,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:14
                                                                                                        3⤵
                                                                                                          PID:4524
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4364,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:14
                                                                                                          3⤵
                                                                                                            PID:4892
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4364,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:14
                                                                                                            3⤵
                                                                                                              PID:2872
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4500,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=4540 /prefetch:1
                                                                                                              3⤵
                                                                                                                PID:6020
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4864,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:14
                                                                                                                3⤵
                                                                                                                  PID:5756
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4884,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:14
                                                                                                                  3⤵
                                                                                                                    PID:5872
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5404,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:1
                                                                                                                    3⤵
                                                                                                                      PID:4196
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:14
                                                                                                                      3⤵
                                                                                                                        PID:5432
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5768,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:14
                                                                                                                        3⤵
                                                                                                                          PID:6132
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5680,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:14
                                                                                                                          3⤵
                                                                                                                            PID:2832
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=5808 /prefetch:14
                                                                                                                            3⤵
                                                                                                                              PID:2608
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5208,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=1420 /prefetch:10
                                                                                                                              3⤵
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:5656
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4640,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=3828 /prefetch:14
                                                                                                                              3⤵
                                                                                                                                PID:3208
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3892,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:14
                                                                                                                                3⤵
                                                                                                                                  PID:5420
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3804,i,135023142624949973,1270741033067811364,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:14
                                                                                                                                  3⤵
                                                                                                                                    PID:1788
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                                                1⤵
                                                                                                                                  PID:4620
                                                                                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                  C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
                                                                                                                                  1⤵
                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                  PID:4552
                                                                                                                                • C:\Windows\System32\rundll32.exe
                                                                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                  1⤵
                                                                                                                                    PID:5396
                                                                                                                                  • C:\Users\Admin\Downloads\BadRabbit.exe
                                                                                                                                    "C:\Users\Admin\Downloads\BadRabbit.exe"
                                                                                                                                    1⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Drops file in Windows directory
                                                                                                                                    PID:5516
                                                                                                                                    • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                      C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
                                                                                                                                      2⤵
                                                                                                                                      • Loads dropped DLL
                                                                                                                                      • Drops file in Windows directory
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                      PID:1724
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                                                    1⤵
                                                                                                                                      PID:6048
                                                                                                                                    • C:\Windows\system32\vssvc.exe
                                                                                                                                      C:\Windows\system32\vssvc.exe
                                                                                                                                      1⤵
                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                      PID:5232
                                                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                                                      "C:\Users\Admin\Downloads\@[email protected]"
                                                                                                                                      1⤵
                                                                                                                                      • Executes dropped EXE
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                      PID:896
                                                                                                                                    • C:\Windows\system32\OpenWith.exe
                                                                                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                      1⤵
                                                                                                                                      • Modifies registry class
                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                      PID:4720

                                                                                                                                    Network

                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                    Reconnaissance

                                                                                                                                    Resource Development

                                                                                                                                    Initial Access

                                                                                                                                    Execution

                                                                                                                                    Scheduled Task/Job

                                                                                                                                    1
                                                                                                                                    T1053

                                                                                                                                    Scheduled Task

                                                                                                                                    1
                                                                                                                                    T1053.005

                                                                                                                                    Windows Management Instrumentation

                                                                                                                                    1
                                                                                                                                    T1047

                                                                                                                                    Persistence

                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                    1
                                                                                                                                    T1547

                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                    1
                                                                                                                                    T1547.001

                                                                                                                                    Scheduled Task/Job

                                                                                                                                    1
                                                                                                                                    T1053

                                                                                                                                    Scheduled Task

                                                                                                                                    1
                                                                                                                                    T1053.005

                                                                                                                                    Privilege Escalation

                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                    1
                                                                                                                                    T1547

                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                    1
                                                                                                                                    T1547.001

                                                                                                                                    Scheduled Task/Job

                                                                                                                                    1
                                                                                                                                    T1053

                                                                                                                                    Scheduled Task

                                                                                                                                    1
                                                                                                                                    T1053.005

                                                                                                                                    Defense Evasion

                                                                                                                                    File and Directory Permissions Modification

                                                                                                                                    2
                                                                                                                                    T1222

                                                                                                                                    Windows File and Directory Permissions Modification

                                                                                                                                    1
                                                                                                                                    T1222.001

                                                                                                                                    Hide Artifacts

                                                                                                                                    1
                                                                                                                                    T1564

                                                                                                                                    Hidden Files and Directories

                                                                                                                                    1
                                                                                                                                    T1564.001

                                                                                                                                    Indicator Removal

                                                                                                                                    1
                                                                                                                                    T1070

                                                                                                                                    File Deletion

                                                                                                                                    1
                                                                                                                                    T1070.004

                                                                                                                                    Modify Registry

                                                                                                                                    3
                                                                                                                                    T1112

                                                                                                                                    Subvert Trust Controls

                                                                                                                                    1
                                                                                                                                    T1553

                                                                                                                                    SIP and Trust Provider Hijacking

                                                                                                                                    1
                                                                                                                                    T1553.003

                                                                                                                                    Credential Access

                                                                                                                                    Credentials from Password Stores

                                                                                                                                    1
                                                                                                                                    T1555

                                                                                                                                    Credentials from Web Browsers

                                                                                                                                    1
                                                                                                                                    T1555.003

                                                                                                                                    Unsecured Credentials

                                                                                                                                    1
                                                                                                                                    T1552

                                                                                                                                    Credentials In Files

                                                                                                                                    1
                                                                                                                                    T1552.001

                                                                                                                                    Discovery

                                                                                                                                    Browser Information Discovery

                                                                                                                                    1
                                                                                                                                    T1217

                                                                                                                                    Query Registry

                                                                                                                                    1
                                                                                                                                    T1012

                                                                                                                                    System Information Discovery

                                                                                                                                    2
                                                                                                                                    T1082

                                                                                                                                    System Location Discovery

                                                                                                                                    1
                                                                                                                                    T1614

                                                                                                                                    System Language Discovery

                                                                                                                                    1
                                                                                                                                    T1614.001

                                                                                                                                    Lateral Movement

                                                                                                                                    Collection

                                                                                                                                    Data from Local System

                                                                                                                                    1
                                                                                                                                    T1005

                                                                                                                                    Command and Control

                                                                                                                                    Web Service

                                                                                                                                    1
                                                                                                                                    T1102

                                                                                                                                    Exfiltration

                                                                                                                                    Impact

                                                                                                                                    Defacement

                                                                                                                                    1
                                                                                                                                    T1491

                                                                                                                                    Inhibit System Recovery

                                                                                                                                    1
                                                                                                                                    T1490

                                                                                                                                    Replay Monitor

                                                                                                                                    Loading Replay Monitor...

                                                                                                                                    Downloads

                                                                                                                                    • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
                                                                                                                                      Filesize

                                                                                                                                      585B

                                                                                                                                      MD5

                                                                                                                                      a7fb3909c9d778e04b64bfc066fa28f4

                                                                                                                                      SHA1

                                                                                                                                      39f4b7fe19301b25a05aeea8ccdcdb63604e0102

                                                                                                                                      SHA256

                                                                                                                                      ba979b6afa2164ba75f285c2f7b9acea1153214ca8e2b428e5b2d0037e2455fd

                                                                                                                                      SHA512

                                                                                                                                      fba9a55a21df0fd61168b74a5ff4604003a1ab7f272a23dcd9bc62d2bd3efb6dc0690d7d1a83f800ddc77e69dfff02ef2f03ed2c9fe1e953cb1d11b80d0de5b1

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CDE89F9DCB25D8AC547E3CEFDA4FB6C2_EFB75332C2EEE29C462FC21A350076B8
                                                                                                                                      Filesize

                                                                                                                                      5B

                                                                                                                                      MD5

                                                                                                                                      5bfa51f3a417b98e7443eca90fc94703

                                                                                                                                      SHA1

                                                                                                                                      8c015d80b8a23f780bdd215dc842b0f5551f63bd

                                                                                                                                      SHA256

                                                                                                                                      bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

                                                                                                                                      SHA512

                                                                                                                                      4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                      Filesize

                                                                                                                                      280B

                                                                                                                                      MD5

                                                                                                                                      509e630f2aea0919b6158790ecedff06

                                                                                                                                      SHA1

                                                                                                                                      ba9a6adff6f624a938f6ac99ece90fdeadcb47e7

                                                                                                                                      SHA256

                                                                                                                                      067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b

                                                                                                                                      SHA512

                                                                                                                                      1cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                      Filesize

                                                                                                                                      280B

                                                                                                                                      MD5

                                                                                                                                      492a05d475c2d70f81d87f1a2d57fd60

                                                                                                                                      SHA1

                                                                                                                                      3b1b63070421a86854d10c032eb34865a1d54b9e

                                                                                                                                      SHA256

                                                                                                                                      53a459ae92f89214a0db1fcedf4d9b4579c69419d745465c2ce8b897ad96d5b3

                                                                                                                                      SHA512

                                                                                                                                      d39c3e8f886343390e663be1c63fc25d3defded3c763c732969e3e4221594e34d8a77942df3ed6fee6ac629068c55120a8a5ba350f7533ea8e88635108cb9c64

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log
                                                                                                                                      Filesize

                                                                                                                                      21KB

                                                                                                                                      MD5

                                                                                                                                      52b69e446dbea5950daa6fc25f6895fa

                                                                                                                                      SHA1

                                                                                                                                      844eb4a51c5424450fe3a2cccf5efd55b2b3b6dc

                                                                                                                                      SHA256

                                                                                                                                      32124d42ea4f6aef34bc953b10bbebc107f1af7a8bd563603ac93bc918b553ad

                                                                                                                                      SHA512

                                                                                                                                      318f99b827bf5e4fea27b02097edc1a09e50bc410ecca75f787bfa8e36392259c0f333e904f582d3d5c906e56b139d079514d77d8a4b3651811b014ebd1d5f01

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
                                                                                                                                      Filesize

                                                                                                                                      334B

                                                                                                                                      MD5

                                                                                                                                      0d217bab1523fcb463a8e1dcb8b4f74e

                                                                                                                                      SHA1

                                                                                                                                      9bdaff10082a902aa4a2a6966893381019f46d7e

                                                                                                                                      SHA256

                                                                                                                                      080ede46669d9cdd8e6d76c486fbafa8e990c71fce61d0038ed48b9d7b9879ac

                                                                                                                                      SHA512

                                                                                                                                      a6a7a6686cfb5cface793211a556f8edb9cfd900d296d5c724ac89e0ff57d5d53fa669ea1c2dbc4393d4aeaee533b678daddaf7bcc2bf1fa95d6bd1889b061b4

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
                                                                                                                                      Filesize

                                                                                                                                      331B

                                                                                                                                      MD5

                                                                                                                                      b44cd8e1c6363dda0881d36147041066

                                                                                                                                      SHA1

                                                                                                                                      08bba3c53a6a9a0a8623ad71dda60a76e38df8a8

                                                                                                                                      SHA256

                                                                                                                                      73e05dd40187899abb2d03380c03840c78127a2eb6b100ba17fb500bba29308f

                                                                                                                                      SHA512

                                                                                                                                      61b82dee61622c2be5f8603e28c137723070cf567dc94e3ccce39b22cf324783b5bb6b19a96608fbf945665278af89367d381a15e95476e5acdd34620dbce981

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a2
                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                      MD5

                                                                                                                                      d6b36c7d4b06f140f860ddc91a4c659c

                                                                                                                                      SHA1

                                                                                                                                      ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                                                                                                      SHA256

                                                                                                                                      34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                                                                                                      SHA512

                                                                                                                                      2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a3
                                                                                                                                      Filesize

                                                                                                                                      67KB

                                                                                                                                      MD5

                                                                                                                                      cc63ec5f8962041727f3a20d6a278329

                                                                                                                                      SHA1

                                                                                                                                      6cbeee84f8f648f6c2484e8934b189ba76eaeb81

                                                                                                                                      SHA256

                                                                                                                                      89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

                                                                                                                                      SHA512

                                                                                                                                      107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a4
                                                                                                                                      Filesize

                                                                                                                                      19KB

                                                                                                                                      MD5

                                                                                                                                      2e86a72f4e82614cd4842950d2e0a716

                                                                                                                                      SHA1

                                                                                                                                      d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                                                                      SHA256

                                                                                                                                      c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                                                                      SHA512

                                                                                                                                      7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a5
                                                                                                                                      Filesize

                                                                                                                                      65KB

                                                                                                                                      MD5

                                                                                                                                      56d57bc655526551f217536f19195495

                                                                                                                                      SHA1

                                                                                                                                      28b430886d1220855a805d78dc5d6414aeee6995

                                                                                                                                      SHA256

                                                                                                                                      f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                                                                                      SHA512

                                                                                                                                      7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                                                                                                                      Filesize

                                                                                                                                      7KB

                                                                                                                                      MD5

                                                                                                                                      6660db1d33d2d296a1a834bdda35020b

                                                                                                                                      SHA1

                                                                                                                                      c4121589b263f7e9df3beac570bb3d06a29b4c6f

                                                                                                                                      SHA256

                                                                                                                                      2a7e7f2b54b594d2982abe6322442ad6678acc04c77a661ce2d75460d680213e

                                                                                                                                      SHA512

                                                                                                                                      450d0fab755a501b14456cf5a3fe97c0ce3bfebd3e2a294c7766ee9afccb1ce55c4cae738adb57c99a10b41bf3a42723cb3c33524a7d2e69342893d55ddefd66

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                      Filesize

                                                                                                                                      10KB

                                                                                                                                      MD5

                                                                                                                                      30593fa3d5a848f53414cb0bc82d94a2

                                                                                                                                      SHA1

                                                                                                                                      59da6094d56f8a74aa680031e23cdb3a78f710d3

                                                                                                                                      SHA256

                                                                                                                                      de869235263b612dc5183183fb079d701b9624f8435c3b72bbc02ff81a8c81f8

                                                                                                                                      SHA512

                                                                                                                                      960cbb2be5b935438e0f29b0ec9b0bdeb3ac13d72f9845b9dbd6ef15f14999e4788d85097653307812bc8e3c728b3485a09bce5a6e8a2b38d3aa725d382add06

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                      Filesize

                                                                                                                                      8KB

                                                                                                                                      MD5

                                                                                                                                      433a2f2a8723f840d410731b792daee7

                                                                                                                                      SHA1

                                                                                                                                      1d04cde15ad5dec4b65e57aa21180f7773692278

                                                                                                                                      SHA256

                                                                                                                                      881db0456b7b572e17d22b068732c5c9b048ab7e8a931fc1ff35a4e3cab1bf07

                                                                                                                                      SHA512

                                                                                                                                      a6d83aeb74608eb28583a218571165f2e0aeeb49bbaf6d4059e6c8b92870ec3636cca4bfcd6ff0a18bc537cb64c19bacbc0d541f1b1049d44cacc080c1157ad6

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                      MD5

                                                                                                                                      85033b7bfbc524091c5d38767cd8cd3f

                                                                                                                                      SHA1

                                                                                                                                      64392872312f55aa5a6669fc0eec711fe75055e2

                                                                                                                                      SHA256

                                                                                                                                      d7930ca9345383e623b7136d982677835ccf7de4403fe12b9444d81f94f815f5

                                                                                                                                      SHA512

                                                                                                                                      ccb12a97b89dcb2c58ae726f9efb0323f138d7c02bb529895ec2b16bb0a006687744f7ea4787f1ea763a4813b525aa9fae69f0b62b006b559d0fe9831c32c8da

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe584e0b.TMP
                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                      MD5

                                                                                                                                      e510fa2c6fd77f36870d8fdbd63dd12f

                                                                                                                                      SHA1

                                                                                                                                      b418650a28c28645fe0651f2a6c6761e73b35de0

                                                                                                                                      SHA256

                                                                                                                                      1f22ab718979e82ecfa4099abc3f2d345681c12f7da42a1b737b5f7d61100206

                                                                                                                                      SHA512

                                                                                                                                      41cee3193d0fbcb25f5bff8b830b705d7363793d89d84546bb5670492f1074c6794999821e43080000636f40233b94ad0ba611c3dce21226b1c2749c86053cf9

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                                                                                                                      Filesize

                                                                                                                                      2B

                                                                                                                                      MD5

                                                                                                                                      99914b932bd37a50b983c5e7c90ae93b

                                                                                                                                      SHA1

                                                                                                                                      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                                      SHA256

                                                                                                                                      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                                      SHA512

                                                                                                                                      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                                                                                                                      Filesize

                                                                                                                                      107KB

                                                                                                                                      MD5

                                                                                                                                      40e2018187b61af5be8caf035fb72882

                                                                                                                                      SHA1

                                                                                                                                      72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                                                                                                                      SHA256

                                                                                                                                      b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                                                                                                                      SHA512

                                                                                                                                      a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
                                                                                                                                      Filesize

                                                                                                                                      105KB

                                                                                                                                      MD5

                                                                                                                                      563d3c439698b0d1d989b1ca2cc56c83

                                                                                                                                      SHA1

                                                                                                                                      78330692411b47a0bb8b216a5c2d36840e5eb3fc

                                                                                                                                      SHA256

                                                                                                                                      cbb7f8172b1b0a6c452fe967c6418723d7cbef26987a585d1557cbc86e04a70f

                                                                                                                                      SHA512

                                                                                                                                      697d48a5268212dacfda9d133f025a6fa92d3d3916c5eff4d3914552066793e5efc64d84b09b07116b9a9f76bd3bbe0b8b777bda44a2d1d4aa2de96407252432

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
                                                                                                                                      Filesize

                                                                                                                                      16B

                                                                                                                                      MD5

                                                                                                                                      46295cac801e5d4857d09837238a6394

                                                                                                                                      SHA1

                                                                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                      SHA256

                                                                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                      SHA512

                                                                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG
                                                                                                                                      Filesize

                                                                                                                                      351B

                                                                                                                                      MD5

                                                                                                                                      1ce9fcf2abd72eb7b0c25a24f29be43e

                                                                                                                                      SHA1

                                                                                                                                      398590d0e9e887398d47363aca8036f8a9981c19

                                                                                                                                      SHA256

                                                                                                                                      53382248c1e0e21750988af24d54a7854f97765c3a77c3ad714757ce773ed311

                                                                                                                                      SHA512

                                                                                                                                      d5d96ad84edfa4ec712f382ef247965c662d00e2e9e932b53046b5a05b8bc95c08d855122389f75ccd652c43eab631f692c3e28ab457f14f9265740c8639e3af

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
                                                                                                                                      Filesize

                                                                                                                                      23B

                                                                                                                                      MD5

                                                                                                                                      3fd11ff447c1ee23538dc4d9724427a3

                                                                                                                                      SHA1

                                                                                                                                      1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                                                                                                      SHA256

                                                                                                                                      720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                                                                                                      SHA512

                                                                                                                                      10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                                      Filesize

                                                                                                                                      6KB

                                                                                                                                      MD5

                                                                                                                                      90f3a39ee5326cc9901ed091b6306e33

                                                                                                                                      SHA1

                                                                                                                                      b2d7704dacbcca0703015214af4a7f264f9e2caf

                                                                                                                                      SHA256

                                                                                                                                      8e2654ce5b36406f064142523858c5ccb76f9998bca9d0ddb6ed98fc716c81d9

                                                                                                                                      SHA512

                                                                                                                                      2e48847d74017dfd55b8c7504faacc1acc239831a6e3383f65c9c81818aaf644fd2d0b03e51e6469225c312d1b4f190215c6c792249efe677ea4c2d70294151d

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                                      Filesize

                                                                                                                                      6KB

                                                                                                                                      MD5

                                                                                                                                      e80a1e87fd5da3af78eb29e2b26435f9

                                                                                                                                      SHA1

                                                                                                                                      f19f079e0809f69124c8684e3bc545249b4b142c

                                                                                                                                      SHA256

                                                                                                                                      2a2f7fb4dc4206bf8845c326c586f39aae49a6ae9d50900d52aa99d5a5154a60

                                                                                                                                      SHA512

                                                                                                                                      3161201f13423ff3deb1c6368bf577237acd07b8ead8406f0971e1322af0e3d3d729aa9297d8f41fefed3c65d8772224bac73010de99bf5bebf13320856785b2

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                      Filesize

                                                                                                                                      2B

                                                                                                                                      MD5

                                                                                                                                      d751713988987e9331980363e24189ce

                                                                                                                                      SHA1

                                                                                                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                      SHA256

                                                                                                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                      SHA512

                                                                                                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                                                                                      Filesize

                                                                                                                                      40B

                                                                                                                                      MD5

                                                                                                                                      20d4b8fa017a12a108c87f540836e250

                                                                                                                                      SHA1

                                                                                                                                      1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                                                                                                      SHA256

                                                                                                                                      6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                                                                                                      SHA512

                                                                                                                                      507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                                                                                      Filesize

                                                                                                                                      211B

                                                                                                                                      MD5

                                                                                                                                      5d701ab09b95716170db1cd599bc0a0d

                                                                                                                                      SHA1

                                                                                                                                      4268c9c2a186358e133a5fbd62c6a767a29aa4e1

                                                                                                                                      SHA256

                                                                                                                                      ab6ca28e68e80bd725794536d751edbfa1db025659380e482df5ea6dfeb52e81

                                                                                                                                      SHA512

                                                                                                                                      9b240f61ea115a650f372d53e089c0629929f9c840098546b7ba870ba8459c74baae17916c0423ebaeca7bd4849515e729351aebe9a2774905158d37f0fd7f17

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                                                                                      Filesize

                                                                                                                                      211B

                                                                                                                                      MD5

                                                                                                                                      76ccafb7b9cbe99c7bc00fcd3ba37535

                                                                                                                                      SHA1

                                                                                                                                      2aeb8b7adf7b19a5c505b8ab9b4dba1d63d8d756

                                                                                                                                      SHA256

                                                                                                                                      b4c40be79f15a81bf4f5ea9904108f77b2b6bde82dd728b75e475be6348551cc

                                                                                                                                      SHA512

                                                                                                                                      8d0cb31aa9fa414528a5b0937f1b2625ea59ff4f31a28607a473d8b1b6e83d9891d23d050af6b420261c22b390c193a0c909fb057a908a39cfe52a6c4ef87c43

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                                                                                      Filesize

                                                                                                                                      211B

                                                                                                                                      MD5

                                                                                                                                      a3af47cebfdeb39ae9368bf4fa647f41

                                                                                                                                      SHA1

                                                                                                                                      f125db9bf90e8e79112a9aa801b2a75ff1b99a37

                                                                                                                                      SHA256

                                                                                                                                      9a815bc2dcd2b73cb9909146a523f0442993bcd0782605405b3b7e27ce27faba

                                                                                                                                      SHA512

                                                                                                                                      73de68925cc96a71dcb66470b270944748ff4769061257540a05b9aaf654e6aae2dd14537ae697f2b581bb5c9cb8782e55a584ed84c72dcfdf4038f8e15d791c

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
                                                                                                                                      Filesize

                                                                                                                                      2KB

                                                                                                                                      MD5

                                                                                                                                      906d3023dcf73d7c5c2185f6d58d135c

                                                                                                                                      SHA1

                                                                                                                                      1b2770dfdf7d5e43b75f3dd510ac161ff5c34b93

                                                                                                                                      SHA256

                                                                                                                                      a432ac1f8375c3741e7a6ceb49c4f15cd6c2c2026ac64f25c20c8d8e8e366d7b

                                                                                                                                      SHA512

                                                                                                                                      8ed089b0e092e8d4589a4f5a20abbe3cdffae23d4c970dbe8ee344e9556d4333965a2f138b7ce11293207d715ae1b36bd3a23b19f54a1d47cd6674e4ef5be975

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                      Filesize

                                                                                                                                      413KB

                                                                                                                                      MD5

                                                                                                                                      30659b7315bb45fe078461b2eb10d1cf

                                                                                                                                      SHA1

                                                                                                                                      20ded697fb941a5ea4db1ca1f403eab57bd765f9

                                                                                                                                      SHA256

                                                                                                                                      e7a2fcf29d8ee5d1575ee67eaf0229f02430ff4fa3a2dd2a2931d869838766f0

                                                                                                                                      SHA512

                                                                                                                                      933e9506173d746dd1f542e4e5a3fadd34b9717125bc5bf106adf093f5e3ea2728d1cb7b34602507e7d85fff406b8212960dceeabb23a631a716fb4a0428c943

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                      Filesize

                                                                                                                                      414KB

                                                                                                                                      MD5

                                                                                                                                      b8212d673e7195d56ed80493cb9c6efc

                                                                                                                                      SHA1

                                                                                                                                      946fc9227867fa2b22a3c0ac797ad44b397f1647

                                                                                                                                      SHA256

                                                                                                                                      83346d98b4e45f5e9d50de436a95ecf25d344b8639d0be247bb28a04b926e57b

                                                                                                                                      SHA512

                                                                                                                                      a1496e1a7f4d8e742995e0837c99c79e6ce9a129c9ed9789c3280258465dddb939147d3559c47cc5138adfbeff797475a7428f401a706af761fffa4a09515b1a

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                      Filesize

                                                                                                                                      412KB

                                                                                                                                      MD5

                                                                                                                                      0ac302d277eb5a61e88dbe1c292946bc

                                                                                                                                      SHA1

                                                                                                                                      25168c6f26d28b82dd87d5c66e8a19647ab3f420

                                                                                                                                      SHA256

                                                                                                                                      7da8b6ccf611b75067368df3a30249653a6ec697bd1be82f08c1d9126f763ef7

                                                                                                                                      SHA512

                                                                                                                                      2330d338685cdc904348cb96e111c279f594ab37c6443e6941d0de77830196fb7535929462c1976246face72eb0508a91cfdc2feac27102d15a3a08020884cba

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                      Filesize

                                                                                                                                      415KB

                                                                                                                                      MD5

                                                                                                                                      c5f310b10e21c0facf561e47f578bfee

                                                                                                                                      SHA1

                                                                                                                                      0355e7a60f61dc7f1931a75bb693bfe285db04a1

                                                                                                                                      SHA256

                                                                                                                                      78bf697b27fa57e91233737abe8c2f59883cc330d5e07b8837eb71935afc9f88

                                                                                                                                      SHA512

                                                                                                                                      515ca040174ca471d08e14736fc62bd4d7ade5b046960edfa0576183a4f2460725e59531503a860a0a70248c482c29e19d72eaa6de6b91e50aadd3b5b8a1f537

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c51c4316-560b-49fe-95be-1c234b331ee4\index-dir\the-real-index
                                                                                                                                      Filesize

                                                                                                                                      2KB

                                                                                                                                      MD5

                                                                                                                                      fcc382b275682e80d779a7e35d150e0b

                                                                                                                                      SHA1

                                                                                                                                      aa07ec86f1939bfcb060f14bbeca33643080fbf4

                                                                                                                                      SHA256

                                                                                                                                      9e4abba540e486e26eb1a47e3a57ebbbde4a11b315ce38a2882692ee3794cb0e

                                                                                                                                      SHA512

                                                                                                                                      a266a5924e59430e2f76d80e912d9afbd3f47ec2e89a345f82ddf964db0950af79af6c90594b06d53aedd502d9c99899d3c93cd880debbd807566a3eef3a3e0b

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c51c4316-560b-49fe-95be-1c234b331ee4\index-dir\the-real-index~RFe57af6a.TMP
                                                                                                                                      Filesize

                                                                                                                                      48B

                                                                                                                                      MD5

                                                                                                                                      8431eeb3fe9f4627e24d666d16ec948f

                                                                                                                                      SHA1

                                                                                                                                      fd6b09a4c5d1a01c521a63c1dd362ad4b1a80665

                                                                                                                                      SHA256

                                                                                                                                      064818a011a4cb92b6842740c199b181b3c7cf433404ba3c638378e9bc8989d3

                                                                                                                                      SHA512

                                                                                                                                      b8603aba995ce43a604ea688d8a4145d1883890d2383481913ef3081431698004ee9c3034598af70b1aafb2a8d1606ffec915772b069b8e4da833bd3870d4988

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                      Filesize

                                                                                                                                      183B

                                                                                                                                      MD5

                                                                                                                                      694f5bd50decf678186cad7fdc2ad88c

                                                                                                                                      SHA1

                                                                                                                                      617b529726e054fe823453ef6a9bad8412453798

                                                                                                                                      SHA256

                                                                                                                                      beeb40c9183c383c5518bdf2b1960e51046cd84a81cb3666e3c53254b854f349

                                                                                                                                      SHA512

                                                                                                                                      cd2fe32779d155a43e33e798307e58ebf13b1d9467eeb888f2e08611693e02095cbe712ad44fd9178aac3f32d328165f229a322154a61014c6481909b98dfb37

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                      Filesize

                                                                                                                                      112B

                                                                                                                                      MD5

                                                                                                                                      04a42b73499119ffa1ef83ae2d02f16a

                                                                                                                                      SHA1

                                                                                                                                      72ce59b93d80176bbc1523858032dbcdd4c9b1f2

                                                                                                                                      SHA256

                                                                                                                                      6a2fd2cfc79f6339ce21bc07e848b4899aefef51ec8716f1cafd0f4baa9dd3e7

                                                                                                                                      SHA512

                                                                                                                                      93e67d23acead0955364478e116ebac741113023626e0f3671cd8d9bfc3f6199b7a616d6baceb31b42868048a9f699dbc3bcfb4fac7988437a9949e711d10385

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                      Filesize

                                                                                                                                      114B

                                                                                                                                      MD5

                                                                                                                                      b1583446f5ead8958c4ae6a4b8a1cedc

                                                                                                                                      SHA1

                                                                                                                                      b5e7c8fec042fbf135f36553916569bfa78e82e7

                                                                                                                                      SHA256

                                                                                                                                      1ce27213b39079221395c4706f2d71bdbdd05997ef1aceab3ed5a2dee221edc1

                                                                                                                                      SHA512

                                                                                                                                      051a69e886d2f19b96323e28fada62dc8d4cfab167325df0bcd1fa1b10b2f9df69a78163b5fe3dfd0dec78cb132ac838ec63bce837a88e7f84faee46bf1826b0

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5767e2.TMP
                                                                                                                                      Filesize

                                                                                                                                      119B

                                                                                                                                      MD5

                                                                                                                                      9cee204ef5fef9e796477a3f17d28aa4

                                                                                                                                      SHA1

                                                                                                                                      dff7df54435589f1c35a3d92747a4e092a2c0b88

                                                                                                                                      SHA256

                                                                                                                                      7c1df7298ec53af4493ad014c50a522329cab3876e37c8de56905f3e2d99cfe4

                                                                                                                                      SHA512

                                                                                                                                      017ad475f121488defe5e70b0a882241af68fc12618d0c4ada0c583634b577b3774bb30fc84afdbe7e7ef4b712e44ea2a5451aecfa6671c75a2f2b54041c7f8b

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0fc5b3b-1c80-48cb-a8d2-b43051a74a70\index-dir\the-real-index
                                                                                                                                      Filesize

                                                                                                                                      2KB

                                                                                                                                      MD5

                                                                                                                                      df3c6a2bf7dada28a3d7521dbd0150af

                                                                                                                                      SHA1

                                                                                                                                      acdf51db15cbd88c58f83b747bb8f74b62235214

                                                                                                                                      SHA256

                                                                                                                                      c672d5c328fe02d411df09ebe448b521939912e686778f6dbeff67e71d2c4953

                                                                                                                                      SHA512

                                                                                                                                      a4856edea5c2137c35b73c658787dc72a4cabb97a01767a734ee0a818121ffc17bda16259976c414029703c03d9292f6c45d565202cb0cc49ec6e0bec5f25adb

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0fc5b3b-1c80-48cb-a8d2-b43051a74a70\index-dir\the-real-index
                                                                                                                                      Filesize

                                                                                                                                      1KB

                                                                                                                                      MD5

                                                                                                                                      af8cd3f783cd26663720adeac01fdcbe

                                                                                                                                      SHA1

                                                                                                                                      dfbf59374cb4d23de4d3c7a71e5fe8d07e3083bf

                                                                                                                                      SHA256

                                                                                                                                      da86d8d9676d1160776e22376c0b976d9353b26dbdab7dc29c98c041fcae9723

                                                                                                                                      SHA512

                                                                                                                                      2094d71b8efdeeb8e2b1cad9afb0ff4b6d3f1f6c8bc8774aa25ac6aab78bc221589a508efc0c015f4b1649a7a533fa418986eb6cdc6ad2dde3c15a41985a5cb1

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0fc5b3b-1c80-48cb-a8d2-b43051a74a70\index-dir\the-real-index~RFe5a50d1.TMP
                                                                                                                                      Filesize

                                                                                                                                      1KB

                                                                                                                                      MD5

                                                                                                                                      473669b07a18204b20afad1779fc67a6

                                                                                                                                      SHA1

                                                                                                                                      0c316830802d426998799124799e0a7100e7ecce

                                                                                                                                      SHA256

                                                                                                                                      1e6dbbd6553d0b98ee2112333ee4bd7a936b87840fe0b03abd03bf0b995dd251

                                                                                                                                      SHA512

                                                                                                                                      f965902dda36820dba32a3cbe1af7b7febd846d9a8cc0155488efb3e8d8f56632b11ef687724fd90e94c4bd1fe2821d64a40fe24c4dc14782456c65154725587

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
                                                                                                                                      Filesize

                                                                                                                                      253B

                                                                                                                                      MD5

                                                                                                                                      1e4709638d108fdd900dd6a86d9ae2ab

                                                                                                                                      SHA1

                                                                                                                                      d5243315489fa915a50946c965b4e8243553d7ef

                                                                                                                                      SHA256

                                                                                                                                      17bb58e3c18af8f4203b224ba4fee297a29d90990cd22ae0558c44ca4d78971d

                                                                                                                                      SHA512

                                                                                                                                      904a1ce51a3fe26c0b28da02bb70ec44225523812f1f444b0a1fc49f7a5cafcc41b027111eaf3dab2981956c568f1d926a8afe272bf9980a8f9e28a9e7a91fa8

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0
                                                                                                                                      Filesize

                                                                                                                                      115KB

                                                                                                                                      MD5

                                                                                                                                      d2bd13f1214da80618e1ea725c441293

                                                                                                                                      SHA1

                                                                                                                                      8cff87046b79204fd6c96a466fff36fdabfb9bd6

                                                                                                                                      SHA256

                                                                                                                                      d466595a6e775e5ee446eae7baf9e4ebb30f1ade19326adffc79a42122b228c4

                                                                                                                                      SHA512

                                                                                                                                      c9d666346ea49a0d3720f692e1828c836fb17a35e03b1e8d98b91608229b94cde8f8d025b5b88789fc78f60a6e688fdddfd72a04c2643b32e131f94a94d9ca56

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1
                                                                                                                                      Filesize

                                                                                                                                      202KB

                                                                                                                                      MD5

                                                                                                                                      9b07fb98703aa261afef2b15cde6df8f

                                                                                                                                      SHA1

                                                                                                                                      e31d8c2d15b11cdbc9e45f6ecf593c7ed9f96918

                                                                                                                                      SHA256

                                                                                                                                      eb0bbbbc58662d8ea866a9c6f876a35278ba712c48989a032535e61e308d300f

                                                                                                                                      SHA512

                                                                                                                                      4681c5defab62b9badc721d7589c01787491151189aa050aaae1904f5473f93eb26100ba51bb5c5d2581558e4f2f825922d7cfb12b853f4e69076ff0be90c3d9

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
                                                                                                                                      Filesize

                                                                                                                                      48B

                                                                                                                                      MD5

                                                                                                                                      e0b4dfc646c5f0be2b9827810e1d69b2

                                                                                                                                      SHA1

                                                                                                                                      134da306ff3ace9b8fea8699766d85304329a670

                                                                                                                                      SHA256

                                                                                                                                      9dc32e34bd77ce0b0881ce9a8dd44346e6fe501eb1a436909920d81a9808db4a

                                                                                                                                      SHA512

                                                                                                                                      185fd4bb63cf2c04fe4d79a98468a5b8cfd3ced4625fbc1bc0bee922be267b906cec3cd7ef5a03b0768ef86f81f07e76ac1b58bc55fab8cfb989b2f83600a125

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                      Filesize

                                                                                                                                      72B

                                                                                                                                      MD5

                                                                                                                                      2a3ef11563ead836e299b823d53f343f

                                                                                                                                      SHA1

                                                                                                                                      dee90f592e568bd79300f8bab6ee8583c79a6e72

                                                                                                                                      SHA256

                                                                                                                                      3b2c35c80440340a72e51715a7236bd60ed3e7ee348ca9f4619604ad27142fce

                                                                                                                                      SHA512

                                                                                                                                      deb698c2f4f0a4bae2adc02a25496527d89034bfc82227b6ab39ef673e7fc59b767cc37df1d06bf14d995b18cd048fce843428129436488276e720e968f2a52c

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                      Filesize

                                                                                                                                      48B

                                                                                                                                      MD5

                                                                                                                                      521a40ea8df1940992834809a14e16ee

                                                                                                                                      SHA1

                                                                                                                                      5f0ae7e0aec4145005cad8c6862c79fe400d1c4c

                                                                                                                                      SHA256

                                                                                                                                      5bfe4bc5ac2e74cdaca6c1b4968fc8aedcbb31ac26901b873985b0406c4c9247

                                                                                                                                      SHA512

                                                                                                                                      a6a65cf001aa84f35b9d92aa857e3a52672e5e234d10cad75c5747788474447c738870720760a857f64a66105d6483a227b9671435c0c90f0269423f4e2f4d56

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fcfd.TMP
                                                                                                                                      Filesize

                                                                                                                                      48B

                                                                                                                                      MD5

                                                                                                                                      c6cfd30ad0efbcac1bacfe12d95d0556

                                                                                                                                      SHA1

                                                                                                                                      bc58a1e006df3f175a92724ced1606ed9577d20e

                                                                                                                                      SHA256

                                                                                                                                      5ebc9156f3186c0d32d4ac848963eee5d79900e9afabcc796b907ef82e76771d

                                                                                                                                      SHA512

                                                                                                                                      b1411507f849174d6cabb4b7d22774b10cd0c7e50db7b53584d6f2eafe6067a3d922fe1eaec3047245433a3127c95e2bfa952edebbc13f189eb865d4ffc51e20

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                                                                                                                      Filesize

                                                                                                                                      22KB

                                                                                                                                      MD5

                                                                                                                                      b93e5ab824487f9e0f79024d1fd9e946

                                                                                                                                      SHA1

                                                                                                                                      560b08954005e89e2c18e014c3f26cefcc6f1d16

                                                                                                                                      SHA256

                                                                                                                                      70643a983b468fac7cd1aaa1f609349cc1c293f3f3bb5779983061f3c0c0dc01

                                                                                                                                      SHA512

                                                                                                                                      9b36b0e2a727e84d3f31327c19421ea3f5e0604032c13c0e630d19f71b7f034bc2aba871cc91f28f29cb66ba768bbe1eb8977c932333119845c5a9e2b264c4ba

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c6c6dcec-dfe5-41b1-827f-b25526696a9a.tmp
                                                                                                                                      Filesize

                                                                                                                                      37KB

                                                                                                                                      MD5

                                                                                                                                      778791138c192944b940e2f8511899b9

                                                                                                                                      SHA1

                                                                                                                                      2f7e516c10bde5834894fd6fe6b2871c28c16de9

                                                                                                                                      SHA256

                                                                                                                                      e64a083390f7b7c6d4d49e3889d169cf5c34a25ce22411cdd600454aa3f9f171

                                                                                                                                      SHA512

                                                                                                                                      d73e4d9673900a1f1905d178a3fcf7698a41a892e1b274749fbd8a2ba69495c41a44522a0908eafa5c6428b35d23af9c30ff0b910ee10fc67128ba57b0d30c5e

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cd2aa74c-78f8-4498-8f15-e72a0dcd218c.tmp
                                                                                                                                      Filesize

                                                                                                                                      414KB

                                                                                                                                      MD5

                                                                                                                                      ce6d3138989ed70a9644b857fca943e3

                                                                                                                                      SHA1

                                                                                                                                      99f63e0d95fed4a71bf35a83972d147cedcda7d4

                                                                                                                                      SHA256

                                                                                                                                      a38fe0b6bd7643419a29b9f9e59b1853ba4e86e95fe10938d41dea3450aeffe2

                                                                                                                                      SHA512

                                                                                                                                      e2697266a5c490348718b749c7ecc0308b71f291482ce7c097e4b6f38340febed6ff1454e35fcaf324c94f39d28edd40547b1c580f486e549c698b07ccd6a717

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                                      Filesize

                                                                                                                                      469B

                                                                                                                                      MD5

                                                                                                                                      639cfcf1afa66356f4aba54976e57c4d

                                                                                                                                      SHA1

                                                                                                                                      b17341461104e18f0705583616200d0f3f7112b8

                                                                                                                                      SHA256

                                                                                                                                      5912282e4e46dd07f10896b608fdbdcb2c89df61555a1bffb1ea75ca5951cddd

                                                                                                                                      SHA512

                                                                                                                                      883a78dfb12e9e6b5526c76fc3c3c03ad425d4d1fc05c792e7c3c16716bb413af225df64f6f24e76a09f5ec84d2e40e2f383c130415197bb9912df4f07c569cc

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                                      Filesize

                                                                                                                                      464B

                                                                                                                                      MD5

                                                                                                                                      3a3a4068a5d204427ddca7b31897a2f6

                                                                                                                                      SHA1

                                                                                                                                      994c6f068d4484a3e73712b052225017d38f7edf

                                                                                                                                      SHA256

                                                                                                                                      6dd1f01860ae65d9e8fb70088d9a8398cd55af8b093b1f7a50d2531e64eeb096

                                                                                                                                      SHA512

                                                                                                                                      51ed3cc3d942550d45f6abf2a260efaa21977371e08aad8abaa2e3e17930848514adafeb8526984d608b15f4f02f4d33043e541a0676df00f5e05f3640cd01c3

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                                      Filesize

                                                                                                                                      904B

                                                                                                                                      MD5

                                                                                                                                      6bdd6a2c10446a7d2ee5f855be0b27cd

                                                                                                                                      SHA1

                                                                                                                                      b8b87c0b24699334c3b67d495079da47cd857009

                                                                                                                                      SHA256

                                                                                                                                      cc6208a4ab86f3b8bf0621959e649ced0b3814468843e8941d81758547f0d087

                                                                                                                                      SHA512

                                                                                                                                      27d4bf35bc67c2efc2afbb0543f80ab4b5026fd0d7886f56406eaef46dd4461a632fb9fc699ff0776a399e23bf0f2c14859cc39d944fbc8304ffa0f43cfa8123

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                                      Filesize

                                                                                                                                      18KB

                                                                                                                                      MD5

                                                                                                                                      87b4243c4483298a9431cc473b2bdac8

                                                                                                                                      SHA1

                                                                                                                                      8c10f4424ff602d3beb16c80a6c8d7c30facabde

                                                                                                                                      SHA256

                                                                                                                                      2b07a2cec736848a693792355e0d8a4927a354f648f00172192a375f104a1e5b

                                                                                                                                      SHA512

                                                                                                                                      6f6dc01008890f060cd3e838cf754e626220439b46b05dfead7eb3c485ed3c1fb43386c3181433de939505918743420fcc6254a60c9c0964469a489c53e5f849

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
                                                                                                                                      Filesize

                                                                                                                                      19KB

                                                                                                                                      MD5

                                                                                                                                      41c1930548d8b99ff1dbb64ba7fecb3d

                                                                                                                                      SHA1

                                                                                                                                      d8acfeaf7c74e2b289be37687f886f50c01d4f2f

                                                                                                                                      SHA256

                                                                                                                                      16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

                                                                                                                                      SHA512

                                                                                                                                      a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1
                                                                                                                                      Filesize

                                                                                                                                      264KB

                                                                                                                                      MD5

                                                                                                                                      620395c732a4119e3300b6d916bc5a24

                                                                                                                                      SHA1

                                                                                                                                      d344c887c8a3cac58a19c3f35333f8680d96da17

                                                                                                                                      SHA256

                                                                                                                                      ec71774f8de76a6a969054e25c0c5be7d9ba8f42da6beba1cd2ddf3801acee87

                                                                                                                                      SHA512

                                                                                                                                      0328787bce5aa6f5a80058a702fec4e3da4e00e743d965ec8897786997a2c307de2867cc0d580253a71ff027d723da4b3992f08f7767683519d26d7f59314258

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                      Filesize

                                                                                                                                      56KB

                                                                                                                                      MD5

                                                                                                                                      923bf1db2823fd53ec1789ed181a577d

                                                                                                                                      SHA1

                                                                                                                                      6bc1874ecfb8a1e4800f590bd6b3f81abfb0cbdc

                                                                                                                                      SHA256

                                                                                                                                      ef834a3ee81496be193cad292582ed25f18880594d81b46bc2cf26f1fc4e6569

                                                                                                                                      SHA512

                                                                                                                                      426835681800d29a595e89a7ba3d294eb212d141fd5a7ad7cfd459267feb72f0b8046a6917e347918f2b1560f15e8f64938ac71278c8383aaba48f149cfc7db6

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                      Filesize

                                                                                                                                      50KB

                                                                                                                                      MD5

                                                                                                                                      780bc216349133d44c6edacec0714bde

                                                                                                                                      SHA1

                                                                                                                                      85059a6e021ee63174b9b86eae0e4fb789ff9d37

                                                                                                                                      SHA256

                                                                                                                                      fe6cebe57e517e2ecc8f6a87cb83d47b049ed1fc4fe2acef34c7d04348fe0f17

                                                                                                                                      SHA512

                                                                                                                                      e01c56cee329201b8eef10d17f9ba77d8de619e80173b1e2d4d28b830e4197196f5b2aa63533e08f9ae50f31f8490d7add9307416a96a0093cf8c68f76f6424c

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                      Filesize

                                                                                                                                      41KB

                                                                                                                                      MD5

                                                                                                                                      c2c0692558098dc4eac01b94685d97d4

                                                                                                                                      SHA1

                                                                                                                                      399b60872046ba2e7b4cef3d02254941c217d681

                                                                                                                                      SHA256

                                                                                                                                      4062745b2344faa40a8bdeb607ce946026c90d14c758e77b2d5e8c360006367d

                                                                                                                                      SHA512

                                                                                                                                      dbb3bffbadcd0a135b5d630cd965964d7cd059f80f2f3544150de547f3500f57c44ac43bbf184a4eac2b0a14d16e49b7236140b23ed60b33855ae7a1f1daa107

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                      Filesize

                                                                                                                                      50KB

                                                                                                                                      MD5

                                                                                                                                      1923ff7752438a2cd0ccb99a6e00153a

                                                                                                                                      SHA1

                                                                                                                                      c91de06f0344371636957b49a98b356f1aadf74e

                                                                                                                                      SHA256

                                                                                                                                      4fb5cdec0a53489aa4a39bd6d4cd3126f1e35c92bb22a4bfac191b618fbc76d2

                                                                                                                                      SHA512

                                                                                                                                      5b256c6debb946d2794b437f95a4fbb7513098252f79bd70135fc12230b1ce62e1f3e46fb8a287fed9007b15964fb3bd492a866a739486551e09919c2071226b

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                      Filesize

                                                                                                                                      62KB

                                                                                                                                      MD5

                                                                                                                                      9ae7b59dc7e2dce329eafdc4f6224624

                                                                                                                                      SHA1

                                                                                                                                      c0edd5636fd5c794b5d9468867e820c56c8e6776

                                                                                                                                      SHA256

                                                                                                                                      5b3f596b89378320bf000f20486a9d35f7f5cc08e6770331443a54381a48e9e7

                                                                                                                                      SHA512

                                                                                                                                      6b21a6a9a9a4dea0544fe4b891aa12a7957562226a80b61d2c08da82c6bd7e138839765129528ba1957b422d4d08a55978abd1a3bd062b479fcfb0b102fe4674

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                      Filesize

                                                                                                                                      392B

                                                                                                                                      MD5

                                                                                                                                      f85faae31b639f7739050d22a9460991

                                                                                                                                      SHA1

                                                                                                                                      9ac32b217c8ce8d4fcd1a0bd5f8cd9fc6c06a66e

                                                                                                                                      SHA256

                                                                                                                                      b8cb8a8fc29d601048f13f4ef116c6ae9c7e83b01b1477ee71bf4f4821c80724

                                                                                                                                      SHA512

                                                                                                                                      f96103645da83415d14adf8308b39c7c706522d880bf643036f6e62f16bed137653d0409be20bfa618e4a7b3f31cc736158390df86c6ae5bc4fc2894a0399ab0

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                      Filesize

                                                                                                                                      392B

                                                                                                                                      MD5

                                                                                                                                      dd82b2abe06e771f03c00540ac88c05c

                                                                                                                                      SHA1

                                                                                                                                      0dd4e7588da5913a94c922ef9cc136970aa4adc4

                                                                                                                                      SHA256

                                                                                                                                      29f4ec50a235dd634e468943c0cf04dfeda9546c12e9787aa27d71a5bd2d08e0

                                                                                                                                      SHA512

                                                                                                                                      db0c09e5962493bf8f13b8fb672daec44d57577e65a7e699025383de60f5cf63c784720d48c416f66a1f47dd6cec346c9dda48b18fc42e5a661d4fdd813ad580

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                      Filesize

                                                                                                                                      392B

                                                                                                                                      MD5

                                                                                                                                      28f2847c24f17b39592a89c59702e644

                                                                                                                                      SHA1

                                                                                                                                      45e8aa182060b8bd34bbe8a9aca6283c0446a560

                                                                                                                                      SHA256

                                                                                                                                      c46e333fa9d094b04f4c15f37a0bbd23c88ef9409d44fe4f53f4173625a6ec00

                                                                                                                                      SHA512

                                                                                                                                      cdeb3989d05f758970cd21eabd7aeffb0e37b4a93d5e9fa0492d5cbc288b10ca22a8d49b6049cf4c5a3b2574daf1955cffa77ddb833661f208aa610c65baed0e

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                      Filesize

                                                                                                                                      392B

                                                                                                                                      MD5

                                                                                                                                      ddf1374019b739deb944fc79a0b40a4f

                                                                                                                                      SHA1

                                                                                                                                      7270367e4832a6d8a9e09ac65ac5d4743862607f

                                                                                                                                      SHA256

                                                                                                                                      b01231341e46704b92bacd71e783505e586a58bb944e10103ffc0f5743d81f44

                                                                                                                                      SHA512

                                                                                                                                      8dd8a4ef6b57290e56d57a2c9447846086578fcf760737fa486e6dbc32d8f40324cc0253486e9e8b16505eeca27b229c292853d4972e1b41b473e3674851a917

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                      Filesize

                                                                                                                                      392B

                                                                                                                                      MD5

                                                                                                                                      a2450b81987470bf20a1309e79b62503

                                                                                                                                      SHA1

                                                                                                                                      21c605259fbaef6f98193a53d6d8aa59ddf9c688

                                                                                                                                      SHA256

                                                                                                                                      565c2d5aef0e423b59a6b0fa840f93087c09f40025be25e4cbfdf6aba2f6aa86

                                                                                                                                      SHA512

                                                                                                                                      a2133ee4d690aba12e178522536dcc92ceb4d5ff548fc1d6c4f150a023a2423a08d4881ee6f92eb27ed5ed70eb9b9c6f951ba6b990d4785d5c6d5876d4a47076

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe5812a8.TMP
                                                                                                                                      Filesize

                                                                                                                                      392B

                                                                                                                                      MD5

                                                                                                                                      35e1d75e8d00b4ea58f2f1c05a77c1b5

                                                                                                                                      SHA1

                                                                                                                                      2cb5a2ec7542abd80a96752cdba297d727796033

                                                                                                                                      SHA256

                                                                                                                                      7215540f422c5c99a5e8925d642af9d7d97c229d62f8ea8f3300aeffba0e8704

                                                                                                                                      SHA512

                                                                                                                                      b207b1a6889488fc1a70bb0e16e3c7edbd918f71d14b698a304565eb120ccd97d38ec0f8ccbe69d0555100fbb3aa3c94e336253606be5b280e53599eeb1d1abb

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.17.1\typosquatting_list.pb
                                                                                                                                      Filesize

                                                                                                                                      631KB

                                                                                                                                      MD5

                                                                                                                                      094ca661fb20ae7e5c26df780e0f7ecd

                                                                                                                                      SHA1

                                                                                                                                      0cc79e2fdf43962d9597b7eec7b34c8983c3562c

                                                                                                                                      SHA256

                                                                                                                                      76f100a3d96cddfbad67460eb0db1a8877a53c8a1881888b208011cd3a9d5726

                                                                                                                                      SHA512

                                                                                                                                      088ca8996eb3bd02f5561b026a9e36755c915d19eb9ae768ee3949491059b1c7e34117b72828d843131df50456c6a162eb2cffe74fd38c273708cd4ac6fda53e

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ce031caa-c263-4772-8814-d21350cfd1b4.tmp
                                                                                                                                      Filesize

                                                                                                                                      392B

                                                                                                                                      MD5

                                                                                                                                      c9d8938993561d4ba7a3b666e3fd8899

                                                                                                                                      SHA1

                                                                                                                                      5fc35a30a2fa317bd4b6731d3763d60598b32109

                                                                                                                                      SHA256

                                                                                                                                      de199e1aed10ab1c8ebeee970cf4dde1adc91bc194a45e49017c48d8017b0698

                                                                                                                                      SHA512

                                                                                                                                      63be4edd53afbeb6f20fd250f1ce93d5d50c7103a2bddca0d5116e998b15502935852289a49ad4441723977a974c3a3aebe1880f88342b9726071728e2070759

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
                                                                                                                                      Filesize

                                                                                                                                      19.0MB

                                                                                                                                      MD5

                                                                                                                                      df1a3fa1b7b4047451a93de10f3df81d

                                                                                                                                      SHA1

                                                                                                                                      7003ff2db01a031436c777fda1f1b3d6e995604e

                                                                                                                                      SHA256

                                                                                                                                      bd13f5085fbb4fedcd50c799a17594469516c2ab36009423d1cbbf7ab3ff0b0a

                                                                                                                                      SHA512

                                                                                                                                      0dd05cb14d35770c947ba0adda856f7f75b170b3357ff2c5034ceaca6d1c5bee0d52eb1031826a501f469ff901e6d67fdc5185fb68acbba3e3925c6eba480e9a

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                                                      Filesize

                                                                                                                                      933B

                                                                                                                                      MD5

                                                                                                                                      7e6b6da7c61fcb66f3f30166871def5b

                                                                                                                                      SHA1

                                                                                                                                      00f699cf9bbc0308f6e101283eca15a7c566d4f9

                                                                                                                                      SHA256

                                                                                                                                      4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

                                                                                                                                      SHA512

                                                                                                                                      e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                                                      Filesize

                                                                                                                                      240KB

                                                                                                                                      MD5

                                                                                                                                      7bf2b57f2a205768755c07f238fb32cc

                                                                                                                                      SHA1

                                                                                                                                      45356a9dd616ed7161a3b9192e2f318d0ab5ad10

                                                                                                                                      SHA256

                                                                                                                                      b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

                                                                                                                                      SHA512

                                                                                                                                      91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\BadRabbit.exe.crdownload
                                                                                                                                      Filesize

                                                                                                                                      431KB

                                                                                                                                      MD5

                                                                                                                                      fbbdc39af1139aebba4da004475e8839

                                                                                                                                      SHA1

                                                                                                                                      de5c8d858e6e41da715dca1c019df0bfb92d32c0

                                                                                                                                      SHA256

                                                                                                                                      630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

                                                                                                                                      SHA512

                                                                                                                                      74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\BadRabbit.exe:Zone.Identifier
                                                                                                                                      Filesize

                                                                                                                                      26B

                                                                                                                                      MD5

                                                                                                                                      fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                      SHA1

                                                                                                                                      d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                      SHA256

                                                                                                                                      eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                      SHA512

                                                                                                                                      aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
                                                                                                                                      Filesize

                                                                                                                                      3.0MB

                                                                                                                                      MD5

                                                                                                                                      fe7eb54691ad6e6af77f8a9a0b6de26d

                                                                                                                                      SHA1

                                                                                                                                      53912d33bec3375153b7e4e68b78d66dab62671a

                                                                                                                                      SHA256

                                                                                                                                      e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

                                                                                                                                      SHA512

                                                                                                                                      8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\WannaCry.EXE.crdownload
                                                                                                                                      Filesize

                                                                                                                                      3.4MB

                                                                                                                                      MD5

                                                                                                                                      84c82835a5d21bbcf75a61706d8ab549

                                                                                                                                      SHA1

                                                                                                                                      5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

                                                                                                                                      SHA256

                                                                                                                                      ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

                                                                                                                                      SHA512

                                                                                                                                      90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\b.wnry
                                                                                                                                      Filesize

                                                                                                                                      1.4MB

                                                                                                                                      MD5

                                                                                                                                      c17170262312f3be7027bc2ca825bf0c

                                                                                                                                      SHA1

                                                                                                                                      f19eceda82973239a1fdc5826bce7691e5dcb4fb

                                                                                                                                      SHA256

                                                                                                                                      d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

                                                                                                                                      SHA512

                                                                                                                                      c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\c.wnry
                                                                                                                                      Filesize

                                                                                                                                      780B

                                                                                                                                      MD5

                                                                                                                                      93f33b83f1f263e2419006d6026e7bc1

                                                                                                                                      SHA1

                                                                                                                                      1a4b36c56430a56af2e0ecabd754bf00067ce488

                                                                                                                                      SHA256

                                                                                                                                      ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4

                                                                                                                                      SHA512

                                                                                                                                      45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_bulgarian.wnry
                                                                                                                                      Filesize

                                                                                                                                      46KB

                                                                                                                                      MD5

                                                                                                                                      95673b0f968c0f55b32204361940d184

                                                                                                                                      SHA1

                                                                                                                                      81e427d15a1a826b93e91c3d2fa65221c8ca9cff

                                                                                                                                      SHA256

                                                                                                                                      40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

                                                                                                                                      SHA512

                                                                                                                                      7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry
                                                                                                                                      Filesize

                                                                                                                                      53KB

                                                                                                                                      MD5

                                                                                                                                      0252d45ca21c8e43c9742285c48e91ad

                                                                                                                                      SHA1

                                                                                                                                      5c14551d2736eef3a1c1970cc492206e531703c1

                                                                                                                                      SHA256

                                                                                                                                      845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

                                                                                                                                      SHA512

                                                                                                                                      1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry
                                                                                                                                      Filesize

                                                                                                                                      77KB

                                                                                                                                      MD5

                                                                                                                                      2efc3690d67cd073a9406a25005f7cea

                                                                                                                                      SHA1

                                                                                                                                      52c07f98870eabace6ec370b7eb562751e8067e9

                                                                                                                                      SHA256

                                                                                                                                      5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

                                                                                                                                      SHA512

                                                                                                                                      0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_croatian.wnry
                                                                                                                                      Filesize

                                                                                                                                      38KB

                                                                                                                                      MD5

                                                                                                                                      17194003fa70ce477326ce2f6deeb270

                                                                                                                                      SHA1

                                                                                                                                      e325988f68d327743926ea317abb9882f347fa73

                                                                                                                                      SHA256

                                                                                                                                      3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

                                                                                                                                      SHA512

                                                                                                                                      dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_czech.wnry
                                                                                                                                      Filesize

                                                                                                                                      39KB

                                                                                                                                      MD5

                                                                                                                                      537efeecdfa94cc421e58fd82a58ba9e

                                                                                                                                      SHA1

                                                                                                                                      3609456e16bc16ba447979f3aa69221290ec17d0

                                                                                                                                      SHA256

                                                                                                                                      5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

                                                                                                                                      SHA512

                                                                                                                                      e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_danish.wnry
                                                                                                                                      Filesize

                                                                                                                                      36KB

                                                                                                                                      MD5

                                                                                                                                      2c5a3b81d5c4715b7bea01033367fcb5

                                                                                                                                      SHA1

                                                                                                                                      b548b45da8463e17199daafd34c23591f94e82cd

                                                                                                                                      SHA256

                                                                                                                                      a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

                                                                                                                                      SHA512

                                                                                                                                      490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_dutch.wnry
                                                                                                                                      Filesize

                                                                                                                                      36KB

                                                                                                                                      MD5

                                                                                                                                      7a8d499407c6a647c03c4471a67eaad7

                                                                                                                                      SHA1

                                                                                                                                      d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

                                                                                                                                      SHA256

                                                                                                                                      2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

                                                                                                                                      SHA512

                                                                                                                                      608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_english.wnry
                                                                                                                                      Filesize

                                                                                                                                      36KB

                                                                                                                                      MD5

                                                                                                                                      fe68c2dc0d2419b38f44d83f2fcf232e

                                                                                                                                      SHA1

                                                                                                                                      6c6e49949957215aa2f3dfb72207d249adf36283

                                                                                                                                      SHA256

                                                                                                                                      26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

                                                                                                                                      SHA512

                                                                                                                                      941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_filipino.wnry
                                                                                                                                      Filesize

                                                                                                                                      36KB

                                                                                                                                      MD5

                                                                                                                                      08b9e69b57e4c9b966664f8e1c27ab09

                                                                                                                                      SHA1

                                                                                                                                      2da1025bbbfb3cd308070765fc0893a48e5a85fa

                                                                                                                                      SHA256

                                                                                                                                      d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

                                                                                                                                      SHA512

                                                                                                                                      966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_finnish.wnry
                                                                                                                                      Filesize

                                                                                                                                      37KB

                                                                                                                                      MD5

                                                                                                                                      35c2f97eea8819b1caebd23fee732d8f

                                                                                                                                      SHA1

                                                                                                                                      e354d1cc43d6a39d9732adea5d3b0f57284255d2

                                                                                                                                      SHA256

                                                                                                                                      1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

                                                                                                                                      SHA512

                                                                                                                                      908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Users\Admin\Downloads\msg\m_french.wnry
                                                                                                                                      Filesize

                                                                                                                                      37KB

                                                                                                                                      MD5

                                                                                                                                      4e57113a6bf6b88fdd32782a4a381274

                                                                                                                                      SHA1

                                                                                                                                      0fccbc91f0f94453d91670c6794f71348711061d

                                                                                                                                      SHA256

                                                                                                                                      9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

                                                                                                                                      SHA512

                                                                                                                                      4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\406F.tmp
                                                                                                                                      Filesize

                                                                                                                                      60KB

                                                                                                                                      MD5

                                                                                                                                      347ac3b6b791054de3e5720a7144a977

                                                                                                                                      SHA1

                                                                                                                                      413eba3973a15c1a6429d9f170f3e8287f98c21c

                                                                                                                                      SHA256

                                                                                                                                      301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c

                                                                                                                                      SHA512

                                                                                                                                      9a399916bc681964af1e1061bc0a8e2926307642557539ad587ce6f9b5ef93bdf1820fe5d7b5ffe5f0bb38e5b4dc6add213ba04048c0c7c264646375fcd01787

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1608_1235379072\manifest.json
                                                                                                                                      Filesize

                                                                                                                                      1003B

                                                                                                                                      MD5

                                                                                                                                      578c9dbc62724b9d481ec9484a347b37

                                                                                                                                      SHA1

                                                                                                                                      a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

                                                                                                                                      SHA256

                                                                                                                                      005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

                                                                                                                                      SHA512

                                                                                                                                      2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1608_1552640941\manifest.json
                                                                                                                                      Filesize

                                                                                                                                      118B

                                                                                                                                      MD5

                                                                                                                                      acb8ebb43624ece8dd7964092455d2b7

                                                                                                                                      SHA1

                                                                                                                                      7c61f04b419f927f98120afa18d8553513e2a0f6

                                                                                                                                      SHA256

                                                                                                                                      55b2b1fd2a563b240179fde6335370f5e22068ada77b5dc5af50bbc379c72953

                                                                                                                                      SHA512

                                                                                                                                      8e6c135aa19d6d21b32c6e9c0727ccf3df7e8dfcaf49e3f0ce55af9b53748188949746d69d17cdafd9d77511b1550d970289912a33b3d9c4daed8837762d91c3

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1608_2123999405\manifest.json
                                                                                                                                      Filesize

                                                                                                                                      145B

                                                                                                                                      MD5

                                                                                                                                      0df2306638bd60162686e9c4bafbd505

                                                                                                                                      SHA1

                                                                                                                                      ef9e16bf867f7950d5a30172e1d34d38686b0e72

                                                                                                                                      SHA256

                                                                                                                                      fd7b554588c5e72506a0bfed89bc298911a5649b9f5168ad7c1804d1c75de42e

                                                                                                                                      SHA512

                                                                                                                                      73fca229097631104cf352061d62455b6c5520bf59777520165719d2368b0e77f3ce66f52873fec53ac60e35274bf397ba321bc62610f0b7b172a7c5c4975174

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1608_790651084\LICENSE
                                                                                                                                      Filesize

                                                                                                                                      1KB

                                                                                                                                      MD5

                                                                                                                                      ee002cb9e51bb8dfa89640a406a1090a

                                                                                                                                      SHA1

                                                                                                                                      49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

                                                                                                                                      SHA256

                                                                                                                                      3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

                                                                                                                                      SHA512

                                                                                                                                      d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1608_790651084\manifest.json
                                                                                                                                      Filesize

                                                                                                                                      85B

                                                                                                                                      MD5

                                                                                                                                      c3419069a1c30140b77045aba38f12cf

                                                                                                                                      SHA1

                                                                                                                                      11920f0c1e55cadc7d2893d1eebb268b3459762a

                                                                                                                                      SHA256

                                                                                                                                      db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

                                                                                                                                      SHA512

                                                                                                                                      c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3432_842883342\_metadata\verified_contents.json
                                                                                                                                      Filesize

                                                                                                                                      1KB

                                                                                                                                      MD5

                                                                                                                                      68e6b5733e04ab7bf19699a84d8abbc2

                                                                                                                                      SHA1

                                                                                                                                      1c11f06ca1ad3ed8116d356ab9164fd1d52b5cf0

                                                                                                                                      SHA256

                                                                                                                                      f095f969d6711f53f97747371c83d5d634eaef21c54cb1a6a1cc5b816d633709

                                                                                                                                      SHA512

                                                                                                                                      9dc5d824a55c969820d5d1fbb0ca7773361f044ae0c255e7c48d994e16ce169fceac3de180a3a544ebef32337ea535683115584d592370e5fe7d85c68b86c891

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3432_842883342\manifest.fingerprint
                                                                                                                                      Filesize

                                                                                                                                      66B

                                                                                                                                      MD5

                                                                                                                                      8294c363a7eb84b4fc2faa7f8608d584

                                                                                                                                      SHA1

                                                                                                                                      00df15e2d5167f81c86bca8930d749ebe2716f55

                                                                                                                                      SHA256

                                                                                                                                      c6602cb5c85369350d8351675f006fc58aea20b8abf922a2c64700070daaa694

                                                                                                                                      SHA512

                                                                                                                                      22ed0211822f6f60fe46184fb6e5e7fcb2b3a9d2e19f25fb6e84e1ca3a5d645183959309549cdb07c999b345cfdd9a1351f3474e03fb8d451b0f093d44844d7c

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3432_842883342\sets.json
                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                      MD5

                                                                                                                                      eea4913a6625beb838b3e4e79999b627

                                                                                                                                      SHA1

                                                                                                                                      1b4966850f1b117041407413b70bfa925fd83703

                                                                                                                                      SHA256

                                                                                                                                      20ef4de871ece3c5f14867c4ae8465999c7a2cc1633525e752320e61f78a373c

                                                                                                                                      SHA512

                                                                                                                                      31b1429a5facd6787f6bb45216a4ab1c724c79438c18ebfa8c19ced83149c17783fd492a03197110a75aaf38486a9f58828ca30b58d41e0fe89dfe8bdfc8a004

                                                                                                                                      Download Submit

                                                                                                                                    • C:\Windows\infpub.dat
                                                                                                                                      Filesize

                                                                                                                                      401KB

                                                                                                                                      MD5

                                                                                                                                      1d724f95c61f1055f0d02c2154bbccd3

                                                                                                                                      SHA1

                                                                                                                                      79116fe99f2b421c52ef64097f0f39b815b20907

                                                                                                                                      SHA256

                                                                                                                                      579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648

                                                                                                                                      SHA512

                                                                                                                                      f2d7b018d1516df1c97cfff5507957c75c6d9bf8e2ce52ae0052706f4ec62f13eba6d7be17e6ad2b693fdd58e1fd091c37f17bd2b948cdcd9b95b4ad428c0113

                                                                                                                                      Download Submit

                                                                                                                                    • memory/1724-1146-0x00000000026F0000-0x0000000002758000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      416KB

                                                                                                                                      Download

                                                                                                                                    • memory/1724-1154-0x00000000026F0000-0x0000000002758000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      416KB

                                                                                                                                      Download

                                                                                                                                    • memory/2068-2079-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                      Download

                                                                                                                                    • memory/3712-1005-0x0000000002910000-0x0000000002978000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      416KB

                                                                                                                                      Download

                                                                                                                                    • memory/3712-994-0x0000000002910000-0x0000000002978000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      416KB

                                                                                                                                      Download

                                                                                                                                    • memory/3712-1002-0x0000000002910000-0x0000000002978000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      416KB

                                                                                                                                      Download

                                                                                                                                    • memory/5448-4131-0x0000000073150000-0x00000000731D2000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      520KB

                                                                                                                                      Download