Overview

overview

7

Static

static

1

WinSCP-5.2...up.exe

windows7-x64

7

WinSCP-5.2...up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    87s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-04-2023 07:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinSCP-5.21.7-Setup.exe

  • Size

    10.9MB

  • MD5

    4b6dcc18e7ea50caab02f11d9abb3dee

  • SHA1

    fd36c8ff64d2cabb7c35bb2e9100f5245544ecf2

  • SHA256

    6f8ba50c67083504a4dbc064f0d7e172ee9205db65557a12fd3193749fb8651b

  • SHA512

    ef9c0dbfb52919c3d420320406e3487892a5be30aa275d32981e799cb4711abe54e11085c3c9131073a0e012763db994acd0039c36475b0c35ebe54fe84a8a63

  • SSDEEP

    196608:wCIA4//b/VVVLXx1is5RFZ06uhRrvh311cJGB/NP9AhXxtJUyT5:rO/r5fltZBQN5l1lB18X/JUy

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 2 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 61 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinSCP-5.21.7-Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\WinSCP-5.21.7-Setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4660
    • C:\Users\Admin\AppData\Local\Temp\is-61JFH.tmp\WinSCP-5.21.7-Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-61JFH.tmp\WinSCP-5.21.7-Setup.tmp" /SL5="$501CA,10341314,864768,C:\Users\Admin\AppData\Local\Temp\WinSCP-5.21.7-Setup.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1144
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\WinSCP\DragExt64.dll"
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:3508
        • C:\Windows\system32\regsvr32.exe
          /s "C:\Program Files (x86)\WinSCP\DragExt64.dll"
          4⤵
          • Loads dropped DLL
          • Registers COM server for autorun
          • Modifies registry class
          PID:3280
      • C:\Program Files (x86)\WinSCP\WinSCP.exe
        "C:\Program Files (x86)\WinSCP\WinSCP.exe" /RegisterForDefaultProtocols
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:3852
      • C:\Program Files (x86)\WinSCP\WinSCP.exe
        "C:\Program Files (x86)\WinSCP\WinSCP.exe" /ImportSitesIfAny
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:1820
      • C:\Program Files (x86)\WinSCP\WinSCP.exe
        "C:\Program Files (x86)\WinSCP\WinSCP.exe" /Usage=TypicalInstallation:1,InstallationsUser+,InstallationParentProcess@,InstallationsFirstTypical+,LastInstallationAutomaticUpgrade:0,InstallationsGettingStarted+,InstallationsLaunch+,
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:968
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winscp.net/eng/installed.php?ver=5.21.7&lang=en&utm_source=winscp&utm_medium=setup&utm_campaign=5.21.7&prevver=&automatic=0
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1612
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd9fbc46f8,0x7ffd9fbc4708,0x7ffd9fbc4718
          4⤵
            PID:1004
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10870263280102868610,7579400890674442125,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
            4⤵
              PID:4624
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10870263280102868610,7579400890674442125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4836
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10870263280102868610,7579400890674442125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
              4⤵
                PID:5008
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10870263280102868610,7579400890674442125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
                4⤵
                  PID:4916
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10870263280102868610,7579400890674442125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
                  4⤵
                    PID:4524
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10870263280102868610,7579400890674442125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
                    4⤵
                      PID:1336
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10870263280102868610,7579400890674442125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
                      4⤵
                        PID:3704
                    • C:\Program Files (x86)\WinSCP\WinSCP.exe
                      "C:\Program Files (x86)\WinSCP\WinSCP.exe"
                      3⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Enumerates connected drives
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of SetWindowsHookEx
                      PID:4128
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:2296

                  Network

                  MITRE ATT&CK Enterprise v6

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Program Files (x86)\WinSCP\DragExt64.dll
                    Filesize

                    479KB

                    MD5

                    5aa9eb658328c2a51dade7dae59aecf7

                    SHA1

                    f6718e0fc2abd4bcbf4dc248aacd4a1b383aaaf0

                    SHA256

                    86361a2499566dd1b06a713a790e32c59876bebcec6b0ece7b54fe871f43d4f5

                    SHA512

                    78f421fbe84e641d3f787cf4b17221aa45a714c33abe4b4177c13b0acd9f8d057e49852adb79d6573b11dd1ca276b966cb2266fe410de6a00e657d45493c79fd

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\DragExt64.dll
                    Filesize

                    479KB

                    MD5

                    5aa9eb658328c2a51dade7dae59aecf7

                    SHA1

                    f6718e0fc2abd4bcbf4dc248aacd4a1b383aaaf0

                    SHA256

                    86361a2499566dd1b06a713a790e32c59876bebcec6b0ece7b54fe871f43d4f5

                    SHA512

                    78f421fbe84e641d3f787cf4b17221aa45a714c33abe4b4177c13b0acd9f8d057e49852adb79d6573b11dd1ca276b966cb2266fe410de6a00e657d45493c79fd

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\DragExt64.dll
                    Filesize

                    479KB

                    MD5

                    5aa9eb658328c2a51dade7dae59aecf7

                    SHA1

                    f6718e0fc2abd4bcbf4dc248aacd4a1b383aaaf0

                    SHA256

                    86361a2499566dd1b06a713a790e32c59876bebcec6b0ece7b54fe871f43d4f5

                    SHA512

                    78f421fbe84e641d3f787cf4b17221aa45a714c33abe4b4177c13b0acd9f8d057e49852adb79d6573b11dd1ca276b966cb2266fe410de6a00e657d45493c79fd

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\Extensions\ArchiveDownload.WinSCPextension.ps1
                    Filesize

                    6KB

                    MD5

                    b16082ceeb34da39af1d52adc88be7db

                    SHA1

                    b7719fec4c89fe09904ae5fecf96aa364914e57e

                    SHA256

                    beee09ea768f58f29f03025984e0ce8fe4f8fd8c9cc454d9fa3869ba679f5356

                    SHA512

                    bb6509a92048f4a8219ec91c9b7e75d0453ee026f91e38daab33ff7af8022f690f2e31c6b6767010ae3ae0530c854ed92a458e2c1f42d11905bb1231e32fcdf5

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\Extensions\BatchRename.WinSCPextension.ps1
                    Filesize

                    4KB

                    MD5

                    2ed11efbb12a1e8de4197b5432321958

                    SHA1

                    ed6add9f956866895ed2d55115f74061d8dd9b39

                    SHA256

                    7e605503bc77f9fec8f5b10ee6fd1e5da273ca8b8c213985e75069a66deee649

                    SHA512

                    acfbcad5dfa662f336f57db7d6975df53194faf985d1c8e874936885926fe846665c1e654026a91e6a6bec2f0ace2efc1680a17212f4278136009c5a721230c0

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\Extensions\CompareFiles.WinSCPextension.ps1
                    Filesize

                    2KB

                    MD5

                    5658e87d86c7e1f4a375e65075c73f27

                    SHA1

                    1928b74fa34e139051bf8a8414a45ca84e6dc070

                    SHA256

                    71e5fb801d2132f44cda67c65fba980347b891b138a43d2e8ded6a1825a9a510

                    SHA512

                    b564a2588727762a34cedb5d0b39df6477da95784bfa1dd4b97f3603c3bff0261e10409c7caad10ca364dfe76e3236c839e61213c230d4e8b4864fdcb1f0a061

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\Extensions\GenerateHttpUrl.WinSCPextension.ps1
                    Filesize

                    3KB

                    MD5

                    7b02c62423d08d7c340a530f85261534

                    SHA1

                    f57fc70cac8655e1ac75abfcd83d623f83778b89

                    SHA256

                    737c824e719e9e5cc43048383f8d7c7717bcb35ba37e07624c855e258d3753cf

                    SHA512

                    1cee9e7ac2eea1e47dfa6d8a81b5d6ed0540db83d5280b9a4983f4dd23fba8de79a5833afba413f1bfa0189aae860079a671e18f37716b48b4d1a4f39038f663

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\Extensions\KeepLocalUpToDate.WinSCPextension.ps1
                    Filesize

                    5KB

                    MD5

                    6f10dd9ca31373018e319ba80abb5532

                    SHA1

                    1325eab389ec9961120e0cd569b37f566a764fe7

                    SHA256

                    79c87ff4a8cd2a2613a22f1e0dd4c3708b652e42fc92200b50e6d4adf91e561d

                    SHA512

                    8f272cf4de55bd6e3d563ae5c87df035b3684c008bf64152bca1480f411413ff0999dd14dc802fcc72372313d19aff8159ccd4be48528c54963c59deba49c726

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\Extensions\SearchText.WinSCPextension.ps1
                    Filesize

                    3KB

                    MD5

                    d26c1a56f63d3682da6e676b606894af

                    SHA1

                    e18ed1d358dc0026ecf64f49cc5f7b4c687523c3

                    SHA256

                    6b9f82c04625443346c74b907fb96d8319d22bc5a6d946fcc7a7c19c67b0757c

                    SHA512

                    dffbba900e510deca45f24af1786a0cd4d5f97b6c6bd6a219bdaf74d773ed42fdbbc9490dcb457063e879d46eba047225ebf40f1110e18195d53de607b4baf07

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\Extensions\SynchronizeAnotherServer.WinSCPextension.ps1
                    Filesize

                    10KB

                    MD5

                    680bbba778a319ba57ccc5c5c9f50c03

                    SHA1

                    12705a80f1be125f12a5c6e8511deccdba8bbec6

                    SHA256

                    e73b3b68425691605d643e53ac729426b52168585d4b06234cfd8d592828b019

                    SHA512

                    94983f38ecbc271b5452dee0777d0b669a106a0f8a9f23bfe528412ec0c75f2d249e2fb964f71d21d5bebf0f79952bf4bdc3af18f2678a2dbb32511d1259c84b

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\Extensions\VerifyFileChecksum.WinSCPextension.ps1
                    Filesize

                    2KB

                    MD5

                    e4eb33335b663fc23aa03ab6ef80cb8d

                    SHA1

                    0db1095d82e27ef352d96a8f36ac022f035ce90d

                    SHA256

                    dbdf82b86dd366dcc71edbae46f7008910e2be3f420b79e34159a81df1b39534

                    SHA512

                    4f9df209721f293896c59a4db390ca2875d705625a1151f0b1481e37db6537480cf29ea1e8311dcea0643ae8e4f130efcda27d9246f8058b2765ef1b3a98138b

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\Extensions\ZipUpload.WinSCPextension.ps1
                    Filesize

                    5KB

                    MD5

                    3963399fcb03e28453f38d93755795a0

                    SHA1

                    384abd9957a9ac16805c36a44bc49de9bf757644

                    SHA256

                    a62d0af7080942304a27883fb986d3a3f2fa9fcefc73108a1142f968649cc872

                    SHA512

                    5944a51ac0bc1e6cb8e041853b2720e2790f6b0f3a69ede16eba499645b62f703fd4145ef7107ef4b64b818bc44349e3af71c0e9d8586693dacde2042c527051

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\WinSCP.exe
                    Filesize

                    25.9MB

                    MD5

                    f787cf4c084f5143c7de0dec3505af58

                    SHA1

                    72a19bea7ac2937497738cdf46b76827a1ec11c8

                    SHA256

                    366f5d5281f53f06fffe72f82588f1591191684b6283fb04102e2685e5d8e95c

                    SHA512

                    16111a45ab2afe50279097d8ac654eb8651374165c0663d9e589656df509dcc85ab474799cb36ee4bb43e54611472211e310268551b06bfc3e81b01fd6b4028e

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\WinSCP.exe
                    Filesize

                    25.9MB

                    MD5

                    f787cf4c084f5143c7de0dec3505af58

                    SHA1

                    72a19bea7ac2937497738cdf46b76827a1ec11c8

                    SHA256

                    366f5d5281f53f06fffe72f82588f1591191684b6283fb04102e2685e5d8e95c

                    SHA512

                    16111a45ab2afe50279097d8ac654eb8651374165c0663d9e589656df509dcc85ab474799cb36ee4bb43e54611472211e310268551b06bfc3e81b01fd6b4028e

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\WinSCP.exe
                    Filesize

                    25.9MB

                    MD5

                    f787cf4c084f5143c7de0dec3505af58

                    SHA1

                    72a19bea7ac2937497738cdf46b76827a1ec11c8

                    SHA256

                    366f5d5281f53f06fffe72f82588f1591191684b6283fb04102e2685e5d8e95c

                    SHA512

                    16111a45ab2afe50279097d8ac654eb8651374165c0663d9e589656df509dcc85ab474799cb36ee4bb43e54611472211e310268551b06bfc3e81b01fd6b4028e

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\WinSCP.exe
                    Filesize

                    25.9MB

                    MD5

                    f787cf4c084f5143c7de0dec3505af58

                    SHA1

                    72a19bea7ac2937497738cdf46b76827a1ec11c8

                    SHA256

                    366f5d5281f53f06fffe72f82588f1591191684b6283fb04102e2685e5d8e95c

                    SHA512

                    16111a45ab2afe50279097d8ac654eb8651374165c0663d9e589656df509dcc85ab474799cb36ee4bb43e54611472211e310268551b06bfc3e81b01fd6b4028e

                    Download Submit

                  • C:\Program Files (x86)\WinSCP\WinSCP.exe
                    Filesize

                    25.9MB

                    MD5

                    f787cf4c084f5143c7de0dec3505af58

                    SHA1

                    72a19bea7ac2937497738cdf46b76827a1ec11c8

                    SHA256

                    366f5d5281f53f06fffe72f82588f1591191684b6283fb04102e2685e5d8e95c

                    SHA512

                    16111a45ab2afe50279097d8ac654eb8651374165c0663d9e589656df509dcc85ab474799cb36ee4bb43e54611472211e310268551b06bfc3e81b01fd6b4028e

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    78c7656527762ed2977adf983a6f4766

                    SHA1

                    21a66d2eefcb059371f4972694057e4b1f827ce6

                    SHA256

                    e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

                    SHA512

                    0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    099b4ba2787e99b696fc61528100f83f

                    SHA1

                    06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

                    SHA256

                    cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

                    SHA512

                    4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\64e36dcb-4fb9-40fa-9867-787c94bda45b.tmp
                    Filesize

                    70KB

                    MD5

                    e5e3377341056643b0494b6842c0b544

                    SHA1

                    d53fd8e256ec9d5cef8ef5387872e544a2df9108

                    SHA256

                    e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                    SHA512

                    83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                    Filesize

                    456B

                    MD5

                    be98ab0dc9544a112b4b3b97a51a2afd

                    SHA1

                    10b054990903baeaba2920ced0a437b214ef2131

                    SHA256

                    e6d9409aad436f0b4b3d098aab1e75048a6fd05badc61aa5c37da44721b0b835

                    SHA512

                    5fdd519a7a566be94dacddc51125c5da10b148541446161f446d285af2aa0369efd95ee6b2a0c5d866e54c94c0a5fad6d2655c141178d7128b79e0b9cd30ef3e

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                    Filesize

                    48B

                    MD5

                    9de805f3801e7042796c4a3dd98556d6

                    SHA1

                    5dd958fb9c30456315c1b81b16fb70915d8c3743

                    SHA256

                    537b4bb9dd792f7601b044593d8bccea78a5d571e3f042267a52f0d1b7caa26c

                    SHA512

                    1eb3385a0631c0b4b88456a13f7dea9d6c0d0fc8533a0a569eb703008aacb449e652036e6943f89701ed3a750fefe6bf1e71448bfbf110a5e96530ab59587883

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
                    Filesize

                    2KB

                    MD5

                    88c47e2c48fcc9fb516a0470b746147a

                    SHA1

                    67718fcb2e4fac09f702cd69ba7d6f7301f77dfb

                    SHA256

                    22ba914e2b092e617b66795840d82b7244fbc69ba11ece37fcd2b34095aa3234

                    SHA512

                    f33c46fa7496d71e0928e5c23d61e0b6f1bc382ad733dfdc172f03612c4485dcc3d890a98dac9035b7ec2eb000b0d9a183bd0453e7bdb799230630380be8a4e7

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                    Filesize

                    2KB

                    MD5

                    f0935bdeb41a8bcaac81b3de6c00ec00

                    SHA1

                    380062f742a2e640f39ee4169332993ad5b2b853

                    SHA256

                    82503a86cfcde151c4e2beeaa5228846aad6776c033ded639fc121b949823b0a

                    SHA512

                    fb556a9402094307eba46e0065a83c3e74bede0576591680168f2210fbe29582ce6f75c322b7d7853d919dd485dd02de28cc2cb8b37f98298b0433279a21cf38

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    4KB

                    MD5

                    fe7f6c49fb60970afe45c79183080839

                    SHA1

                    5fd0442cf7dd83874ce95e186c27d3f4cfe2095b

                    SHA256

                    fd2ab8efd735654f45c932e517292e752fac334ad6416f14a8517616c2532145

                    SHA512

                    54814095024d3e6da9dbce1cca0b10548f9441f4c684493736fcac5e2cc28b8b13152f27fbe7304feaee9da66fba269a7c98a7fbef70b2e4eaadc4c53b145d83

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    7KB

                    MD5

                    4d16696627be936c4475cc4c5083cde1

                    SHA1

                    9ebc1acc10aaf16827032ae7fce79f0981005b00

                    SHA256

                    f6063ee8b8eb0bb206a723f745c0f56943d369413ec95f6e4d9c5d09c8271c9e

                    SHA512

                    81c2b63302c5d39ecde7b2d1d7899e5814d38cc79323919bae055d98e48ed858b8ca9396f20c2b75c40a4dfe948d661c90727f082d873af8625f793d8a1b50cf

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                    Filesize

                    24KB

                    MD5

                    02ee7addc9e8a2d07af55556ebf0ff5c

                    SHA1

                    020161bb64ecb7c6e6886ccc055908984dc651d8

                    SHA256

                    552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

                    SHA512

                    567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
                    Filesize

                    41B

                    MD5

                    5af87dfd673ba2115e2fcf5cfdb727ab

                    SHA1

                    d5b5bbf396dc291274584ef71f444f420b6056f1

                    SHA256

                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                    SHA512

                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                    Filesize

                    16B

                    MD5

                    46295cac801e5d4857d09837238a6394

                    SHA1

                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                    SHA256

                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                    SHA512

                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                    Filesize

                    264KB

                    MD5

                    f50f89a0a91564d0b8a211f8921aa7de

                    SHA1

                    112403a17dd69d5b9018b8cede023cb3b54eab7d

                    SHA256

                    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                    SHA512

                    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    9KB

                    MD5

                    8ca9c1d4158a1806e9a1ddedbd218822

                    SHA1

                    db8e9527e082087b75032ec66db6c8498b6e5818

                    SHA256

                    956ba084952de1029eb0794a47c302d27f94b59d294595e9bccf797b22c0f24e

                    SHA512

                    bbadf21a79d1034d4469fd96c50593fb519591432d08c4a2128450e51221685b170342d86b8008eee0ec8bbff29cda4fa2b7bc90056798e8ce57de2968f088c1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\is-61JFH.tmp\WinSCP-5.21.7-Setup.tmp
                    Filesize

                    3.1MB

                    MD5

                    cbc9e059de252e52ad2f1d6c3b215e78

                    SHA1

                    4111f1543d22077afa12376e3b358c14b6a4ed36

                    SHA256

                    5cf4783828639fd8f11310c5afcdec98566b7b041bc1ee18c554dd78faf03c96

                    SHA512

                    e9c306bd563e848ed9d5030e480fb992a677212883a857e7575f5fa490f98a210eae3516306e11b51e2c3931cd4105cadac8194045a299aa35cad16a17851117

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\is-61JFH.tmp\WinSCP-5.21.7-Setup.tmp
                    Filesize

                    3.1MB

                    MD5

                    cbc9e059de252e52ad2f1d6c3b215e78

                    SHA1

                    4111f1543d22077afa12376e3b358c14b6a4ed36

                    SHA256

                    5cf4783828639fd8f11310c5afcdec98566b7b041bc1ee18c554dd78faf03c96

                    SHA512

                    e9c306bd563e848ed9d5030e480fb992a677212883a857e7575f5fa490f98a210eae3516306e11b51e2c3931cd4105cadac8194045a299aa35cad16a17851117

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6bb54d82fa42128d.customDestinations-ms
                    Filesize

                    12B

                    MD5

                    e4a1661c2c886ebb688dec494532431c

                    SHA1

                    a2ae2a7db83b33dc95396607258f553114c9183c

                    SHA256

                    b76875c50ef704dbbf7f02c982445971d1bbd61aebe2e4b28ddc58a1d66317d5

                    SHA512

                    efdcb76fb40482bc94e37eae3701e844bf22c7d74d53aef93ac7b6ae1c1094ba2f853875d2c66a49a7075ea8c69f5a348b786d6ee0fa711669279d04adaac22c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6bb54d82fa42128d.customDestinations-ms
                    Filesize

                    12B

                    MD5

                    e4a1661c2c886ebb688dec494532431c

                    SHA1

                    a2ae2a7db83b33dc95396607258f553114c9183c

                    SHA256

                    b76875c50ef704dbbf7f02c982445971d1bbd61aebe2e4b28ddc58a1d66317d5

                    SHA512

                    efdcb76fb40482bc94e37eae3701e844bf22c7d74d53aef93ac7b6ae1c1094ba2f853875d2c66a49a7075ea8c69f5a348b786d6ee0fa711669279d04adaac22c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6bb54d82fa42128d.customDestinations-ms
                    Filesize

                    12B

                    MD5

                    e4a1661c2c886ebb688dec494532431c

                    SHA1

                    a2ae2a7db83b33dc95396607258f553114c9183c

                    SHA256

                    b76875c50ef704dbbf7f02c982445971d1bbd61aebe2e4b28ddc58a1d66317d5

                    SHA512

                    efdcb76fb40482bc94e37eae3701e844bf22c7d74d53aef93ac7b6ae1c1094ba2f853875d2c66a49a7075ea8c69f5a348b786d6ee0fa711669279d04adaac22c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QG6GUE67YTV818QQWO2E.temp
                    Filesize

                    12B

                    MD5

                    e4a1661c2c886ebb688dec494532431c

                    SHA1

                    a2ae2a7db83b33dc95396607258f553114c9183c

                    SHA256

                    b76875c50ef704dbbf7f02c982445971d1bbd61aebe2e4b28ddc58a1d66317d5

                    SHA512

                    efdcb76fb40482bc94e37eae3701e844bf22c7d74d53aef93ac7b6ae1c1094ba2f853875d2c66a49a7075ea8c69f5a348b786d6ee0fa711669279d04adaac22c

                    Download Submit

                  • \??\pipe\LOCAL\crashpad_1612_JCPMMMCQLCNXTDOV
                    MD5

                    d41d8cd98f00b204e9800998ecf8427e

                    SHA1

                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                    SHA256

                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                    SHA512

                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                    Download Submit

                  • memory/968-330-0x0000000000F80000-0x0000000002A0C000-memory.dmp

                    Filesize

                    26.5MB

                    Download

                  • memory/968-333-0x0000000000F70000-0x0000000000F71000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/968-340-0x0000000000F80000-0x0000000002A0C000-memory.dmp

                    Filesize

                    26.5MB

                    Download

                  • memory/1144-140-0x0000000000400000-0x000000000071B000-memory.dmp

                    Filesize

                    3.1MB

                    Download

                  • memory/1144-345-0x0000000000400000-0x000000000071B000-memory.dmp

                    Filesize

                    3.1MB

                    Download

                  • memory/1144-138-0x0000000000EB0000-0x0000000000EB1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/1144-327-0x0000000000400000-0x000000000071B000-memory.dmp

                    Filesize

                    3.1MB

                    Download

                  • memory/1144-161-0x0000000000400000-0x000000000071B000-memory.dmp

                    Filesize

                    3.1MB

                    Download

                  • memory/1144-310-0x0000000000400000-0x000000000071B000-memory.dmp

                    Filesize

                    3.1MB

                    Download

                  • memory/1820-325-0x0000000000F80000-0x0000000002A0C000-memory.dmp

                    Filesize

                    26.5MB

                    Download

                  • memory/1820-323-0x0000000004E00000-0x0000000004E01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/1820-315-0x0000000000F80000-0x0000000002A0C000-memory.dmp

                    Filesize

                    26.5MB

                    Download

                  • memory/3852-306-0x0000000000A00000-0x0000000000A01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/3852-312-0x0000000000F80000-0x0000000002A0C000-memory.dmp

                    Filesize

                    26.5MB

                    Download

                  • memory/3852-295-0x0000000000F80000-0x0000000002A0C000-memory.dmp

                    Filesize

                    26.5MB

                    Download

                  • memory/4128-349-0x0000000000870000-0x0000000000871000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4128-344-0x0000000000F80000-0x0000000002A0C000-memory.dmp

                    Filesize

                    26.5MB

                    Download

                  • memory/4128-528-0x0000000000F80000-0x0000000002A0C000-memory.dmp

                    Filesize

                    26.5MB

                    Download

                  • memory/4128-626-0x0000000000870000-0x0000000000871000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4660-133-0x0000000000400000-0x00000000004E0000-memory.dmp

                    Filesize

                    896KB

                    Download

                  • memory/4660-347-0x0000000000400000-0x00000000004E0000-memory.dmp

                    Filesize

                    896KB

                    Download

                  • memory/4660-139-0x0000000000400000-0x00000000004E0000-memory.dmp

                    Filesize

                    896KB

                    Download