Resubmissions

12-02-2024 06:06

240212-gtspasgb59 10

Analysis

  • max time kernel
    111s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-02-2024 06:06

General

  • Target

    03b5a7ffe111cca63fc687a295ba8075087cc90812f6b988797a2d49a5db1482.exe

  • Size

    122KB

  • MD5

    979635229dfcfae1aae74ae296ec78c8

  • SHA1

    b4e0d9256b62868eb5c6f651ac4a154c6d71eb14

  • SHA256

    03b5a7ffe111cca63fc687a295ba8075087cc90812f6b988797a2d49a5db1482

  • SHA512

    6303685d772ec6760ef4cbb952c5fd11658b4d066e8c02ee0f491382f19650197b2c1e47ae01119f51d358252ed66a7934ca0865b82c356b03f8b323719a1d43

  • SSDEEP

    1536:uhxOUyl20w8bVZQ40iMSO1fY+iUyQs2r8t5p1ySotICS4A6Udoah5Dta66GDReU6:yMhQNDEtb3AioaheW8NR

Malware Config

Extracted

Path

C:\Recovery\xvma6ku645-readme.txt

Family

sodinokibi

Ransom Note
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension xvma6ku645. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/877BFD63545BA860 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/877BFD63545BA860 Warning: secondary website can be blocked, thats why first variant much better and more available. 
When you open our website, put the following data in the input form: Key: w6Oa2+3YGeKBtN3M1Vq/f7M1ZjLF25ftuGVs/TMskcCKgHfQcWBOScuguTuG6c/O bsOs7oo/YlyO+Ofl0w/E/9eqPJVyf2lOVwTywAqXMTWs4DOQjXHVHmze3qARkofA t6MZdOrs+nrOBiw8szrcWhCWw4MacU4JjGMNH9EqwlryCT79hxexdBzHywNvjZ3J Kbzlk69HlF+SkQSE7vNNQx3bTKxtXjY07NAO7fMf5Yk3KH9Mz3n9HhroJlciGU6B E0X4UdmoVJM3qU7PP4ZNAg3psIjfhVvpnFeK0uXxsNWMygm6ll5e0I9jq2odSw+A IFtodxxQD/hO69ClWCUW+5Yg2m7tZJKYnD6lXgfPFeX/ONh6jmCvwDBjYCpdGaeq CVGSE1HsPK2IENwuJNT5UYHFLIt+gZ34xbxOX/fqzI9fQXgTloK8jYyIhjMYuxB7 fJT+QCW7GaMtMBpzus/JzHLCJ5nLRx/5TnFK39/WTq+qcygAzN3JiyZr2aIbeB1C Pla7PWwQ5UKV6o0G6K8Dgk7+MXVgT3p4IaGxa251SxAeEnKwYoMMpJs7NGb50TTR XVukymLOpiWYhQt+8Wi/GmeiiccN6aCAh5Oq6OkmyPkiikBkPxiSNmpIWXWbx1fH m1BfBrMTtn8frL3nKD5syN9EkKvycOgDE1LzEN08/5r/7hImrMwj1I/AKhjCiZq7 9yxZ56Y5y+hVeKx3ZyGZkHnPTdLYTd0bXwM9JrXGHFLMpcONUMTd2PbKVx9Vy6HQ khRWUSexNf3RelM2W6xxvOuVPvBavV284fd3zicNCKp/DEPTWRPM+mNXBwxQniE1 ID9VWAg56+Z8Hzd01wpnN8+/Wfgze84oUL/bhbYJnn8xBUueaF6TJptpg6a2xuKv XuVEizn0pz4UkvjJfPbv9XmAubX2M+13dNZFZru+Wn1rJV+VotTorX+H/6CU7jGz rDxDGvolLghGZ4k9DayIejII4jmH71c3LTv57wyfSEaGu7YePjW0LhbDYNv/EfI+ HKl0qJdxBSZ/d18tV7zs+j+zYAn3r0UfhdJv6PsylOpgsKPBaWcSV7X2myjesA5W Y0HS4CjN5kMKh3AA8HiB/mCB4jCLLQHXifh0kQthyw3wA4FgBCHYuY5q1GnsNtSM mmSrwavujiU0x9qRcHC634Yl5mI3mmn+SBGqjFPq8kgKg0i9LQklCjfiGYyCN+7j h++C9qkVYjVzbEw85BRt6meUznTseng2WoqGpA47jeTyNEE8rp28SoHrSOYtkckM j0JRDsNL45F5BsosNKF2MOszesKYMpRo3cy9OrCLUnG/Hi1Q8NsTZp4fIWIwMmGP c9n0+cUdCPkeCJElATtzBkpnxp8VDadASbinwrGagwmrM+aP ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/877BFD63545BA860

http://decoder.re/877BFD63545BA860

Signatures

  • Sodin,Sodinokibi,REvil

    Ransomware with advanced anti-analysis and privilege escalation functionality.

  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 25 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Program Files directory 24 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 54 IoCs
  • Suspicious use of SendNotifyMessage 49 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\03b5a7ffe111cca63fc687a295ba8075087cc90812f6b988797a2d49a5db1482.exe
    "C:\Users\Admin\AppData\Local\Temp\03b5a7ffe111cca63fc687a295ba8075087cc90812f6b988797a2d49a5db1482.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3588
    • C:\Windows\SysWOW64\netsh.exe
      netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
      2⤵
      • Modifies Windows Firewall
      PID:2692
  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
    PID:4752
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4988
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cabf46f8,0x7ff8cabf4708,0x7ff8cabf4718
      2⤵
      PID:4944
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10691301532442679562,2841100356928909573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10691301532442679562,2841100356928909573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
      2⤵
      PID:2220
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10691301532442679562,2841100356928909573,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      2⤵
      PID:2136
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10691301532442679562,2841100356928909573,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      2⤵
      PID:4552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10691301532442679562,2841100356928909573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      2⤵
      PID:1324
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:276
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3820
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    PID:3056
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2072
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2072.0.621215351\2072853436" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18857ecb-0bfa-4d37-bdf3-158a39d13f35} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" 1964 277120bae58 gpu
        3⤵
        PID:3920
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2072.1.1449727765\217965744" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20707 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af06619e-93d1-4a53-87fb-8083490aa7d7} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" 2364 27705671358 socket
        3⤵
        PID:2916
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:292
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\xvma6ku645-readme.txt
    1⤵
    PID:5104
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4188
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ca9b9758,0x7ff8ca9b9768,0x7ff8ca9b9778
      2⤵
      PID:3964
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=2028,i,1586291673334409868,296628508143944081,131072 /prefetch:2
      2⤵
      PID:4308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=2028,i,1586291673334409868,296628508143944081,131072 /prefetch:8
      2⤵
      PID:2448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=2028,i,1586291673334409868,296628508143944081,131072 /prefetch:8
      2⤵
      PID:4104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=2028,i,1586291673334409868,296628508143944081,131072 /prefetch:1
      2⤵
      PID:3596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=2028,i,1586291673334409868,296628508143944081,131072 /prefetch:1
      2⤵
      PID:1320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4660 --field-trial-handle=2028,i,1586291673334409868,296628508143944081,131072 /prefetch:1
      2⤵
      PID:3540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4932 --field-trial-handle=2028,i,1586291673334409868,296628508143944081,131072 /prefetch:1
      2⤵
      PID:2716
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:1908
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Recovery\xvma6ku645-readme.txt
    Filesize
    6KB
    MD5
    6115b173d7f895c144bf1647bd48eb5f
    SHA1
    aadfd627d86b601bb9ff766810cd83b7d3a360d4
    SHA256
    bd227beed6e41b6227d9a4d73ff3c1c214e0fe60c9d6c90fccd31348f67c3819
    SHA512
    bcfa431de5a475a09efc4f2768fa1236125a6690772d797d9f42a2d96875c7f5b0f6b6ec1a6cdc434d66d49ad6ea2939e3bfaeeb02e793f72148e3b4a9764d8c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
    Filesize
    194KB
    MD5
    36104d04a9994182ba78be74c7ac3b0e
    SHA1
    0c049d44cd22468abb1d0711ec844e68297a7b3d
    SHA256
    ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1
    SHA512
    8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    144B
    MD5
    1bbcebdf051a9afacf58a22901025b6f
    SHA1
    5dfe1134eb9fb48db77c2ab3fe48bc4117a1dabb
    SHA256
    1e92871f4cb58ac3238131d074b177519b50d9a3d69f5d92cf25417a967cf329
    SHA512
    79a27245f1a96e67d78da1a7d9cf13e8054112c8c5515532ba741ed40afc74b9bd91aded553bc9f8ddfbd0e58398d7eea42d4bfcb7e0a53b4d122312b2e4a5a2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize
    1KB
    MD5
    8f41c00c0ef510228ab0bdf42277b589
    SHA1
    e56ce6d9a7f66b59c868f8b01d3c1f1fbbad25fa
    SHA256
    6b1dc6f7d2e4d3f0a287dcd3c18335e2ab4590c2c4227b4b493a0eb0e319af93
    SHA512
    571676430f191915a9b0d7782a258407773496b265f6c5dadc297deb779f165731eb15755af8f5b01f2021a1842bfba429b0bd549af860daf16f28e0604bc6c4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    371B
    MD5
    e24f6563214e79616547e024fc453ac1
    SHA1
    4420386a1cacb12ab13ee46d4380ac805740b039
    SHA256
    8890f45b4d5833db5c4899c061736e5cf254138a8d4c233cb36f8f0b63adf888
    SHA512
    b761703c6f5933fb672aa3b22fff703c8dcfd2d87a03abd9813cc504e1468256307e8d00e424771a10ab027d9586a1b95803fefd7579de1eed167c393fcaf80e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    6KB
    MD5
    76ec18661ae74cb6d4508c30a9c571e0
    SHA1
    a824669cd5d8c855dd32caaa7bf3deb3fc108635
    SHA256
    fd956ae708ab7d92fa8144c6cc7da64bc549695a5efa567d90b37d3efeb35c77
    SHA512
    e7a0373b0b08603bda6afa74ccdfe53e90b9d71207730c793dd535d0b1ad4b541a9fc49ce9295c90784656afc884512a805ef1a829c6217750a4ef915c924420

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize
    239KB
    MD5
    258930ee5ce2eb6ca51d8c1f8c3d27cc
    SHA1
    6658e757536ac0e2c1ec977263c3460f3de0c37d
    SHA256
    e3c72f90da2aeba98c00b286efaa889adc0498abb16c6bdd6e6b549d5d5c0582
    SHA512
    41d77bff173ba3f4b66b033c031f7633c7bd0e0400cc4749b92f518792d4bdc5f7392142e9638b1687e5b74aba764391abb8a9f7583480bdc83d496967edbfe0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize
    152B
    MD5
    1386433ecc349475d39fb1e4f9e149a0
    SHA1
    f04f71ac77cb30f1d04fd16d42852322a8b2680f
    SHA256
    a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
    SHA512
    fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize
    5KB
    MD5
    2a6953a8fa3354c1e25e04038fde3312
    SHA1
    856750b1b2130d28c6751fce39679bdb7f19f1bd
    SHA256
    a4c25e7c77359de8c4ca60d3f4d150239d49f32e6d4a74d1b1b124bc547e18e5
    SHA512
    b059ea3ddf8d19b1a44db9263ba386b786bc6e178b145d25a36b3c4f1906939d4b1b59b080a6528393d71b89519a3f7663a396bc550a0a52cb2a7da6e23d4a4a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize
    5KB
    MD5
    ec3b653569a73c7e3244f73bca086019
    SHA1
    9b758a7caa65c6e4e2a3efe2403f9bd84d2ee20e
    SHA256
    2e1736b5b80aa013f77c85f727a70dfc4331e86e92cb15be7514b4f239531307
    SHA512
    caf42977ee1dd85440ec3b10a01007046852cf15a880b660a8ac732eb5aa5a242b26eede676c84bdeaa52e31a427991eef32fbb90c57b083e1f9570ab0101384

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
    Filesize
    24KB
    MD5
    da501e07c2e4f0c56da44d46d614a406
    SHA1
    9624e765801de7e06f8df24ef37a54ac21297c65
    SHA256
    801e3e8abcaa2e4101192ab3f30c4fd1cc9a3c688df4e1cc33234d975a17aac0
    SHA512
    db90caa2a15943bbc197446fed2598dfe230ca0d5e0f0a40501a4b8bc02be3027dc5a53a4b72cd2926e68372b68dd26dd5cdfe741f0de1efce1ea70adc7df1ae

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize
    10KB
    MD5
    5c96bc01dd8180759cc91dd7d00e196e
    SHA1
    f246a169559992aa8b9b47a6fba05e05eecb83dd
    SHA256
    039340c56ea9125849cf1bb5346eb6d6fe4aa9f0a4e11684476f2a4d0f80ef93
    SHA512
    95a8d42912f8221883e50e88c3491554f5c9b7189790b5268a9c606aa00f4651aa6b3356907ef44b2507908f16090b013f76b62707e9c62992853d20d6c5f234

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
    Filesize
    264KB
    MD5
    f50f89a0a91564d0b8a211f8921aa7de
    SHA1
    112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256
    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512
    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  • \??\pipe\LOCAL\crashpad_4908_PKLHVZAUFSOEJZUH
    MD5
    d41d8cd98f00b204e9800998ecf8427e
    SHA1
    da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512
    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e