Analysis Overview
Threat Level: Known bad
The file https://workdrive-externaltaxdrivedocument.online/mytaxdocument/Pamelataxdocument/v0SJfhiow/wjM4V/33q1ytzv/ItTP77pSD1cGFtZWxhQHBhbWVsYXRheGRvY3VtZW50LmNvbQ~lg=pamelataxdocument.pdf was found to be: Known bad.
Malicious Activity Summary
Remcos
Adds Run key to start application
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 18:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 18:02
Reported
2024-04-04 18:06
Platform
win10v2004-20240226-en
Max time kernel
208s
Max time network
212s
Command Line
Signatures
Remcos
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*Chrome = "rundll32.exe C:\\Users\\Admin\\AppData\\Roaming\\VIVA_01.dll,EntryPoint" | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\Pamelas 2023 Tax Documents\Pamelas 2023 1040 W2s Tax DocumentsPDF.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://workdrive-externaltaxdrivedocument.online/mytaxdocument/Pamelataxdocument/v0SJfhiow/wjM4V/33q1ytzv/ItTP77pSD1cGFtZWxhQHBhbWVsYXRheGRvY3VtZW50LmNvbQ~lg=pamelataxdocument.pdf
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3a0e46f8,0x7ffd3a0e4708,0x7ffd3a0e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Pamelas 2023 Tax Documents\Pamelas 2023 1040 W2s Tax DocumentsPDF.exe
"C:\Users\Admin\Downloads\Pamelas 2023 Tax Documents\Pamelas 2023 1040 W2s Tax DocumentsPDF.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*Chrome" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\VIVA_01.dll",EntryPoint /f & exit
C:\Users\Admin\Downloads\Pamelas 2023 Tax Documents\Pamelas 2023 1040 W2s Tax DocumentsPDF.exe
"C:\Users\Admin\Downloads\Pamelas 2023 Tax Documents\Pamelas 2023 1040 W2s Tax DocumentsPDF.exe"
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*Chrome" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\VIVA_01.dll",EntryPoint /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1097480155501080480,12748574428087047512,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | workdrive-externaltaxdrivedocument.online | udp |
| US | 62.72.27.219:443 | workdrive-externaltaxdrivedocument.online | tcp |
| US | 8.8.8.8:53 | workdrive.zohoexternal.com | udp |
| US | 136.143.191.16:443 | workdrive.zohoexternal.com | tcp |
| US | 8.8.8.8:53 | 219.27.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.zohocdn.com | udp |
| GB | 169.148.129.35:443 | static.zohocdn.com | tcp |
| GB | 169.148.129.35:443 | static.zohocdn.com | tcp |
| US | 8.8.8.8:53 | 16.191.143.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.129.148.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | files-accl.zohoexternal.com | udp |
| GB | 169.148.128.21:443 | files-accl.zohoexternal.com | tcp |
| US | 8.8.8.8:53 | 21.128.148.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| GB | 169.148.128.21:443 | files-accl.zohoexternal.com | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clepdhunt.duckdns.org | udp |
| RS | 45.89.55.130:4047 | clepdhunt.duckdns.org | tcp |
| US | 8.8.8.8:53 | 130.55.89.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geoplugin.net | udp |
| NL | 178.237.33.50:80 | geoplugin.net | tcp |
| US | 8.8.8.8:53 | 50.33.237.178.in-addr.arpa | udp |
| RS | 45.89.55.130:4047 | clepdhunt.duckdns.org | tcp |
| RS | 45.89.55.130:4047 | clepdhunt.duckdns.org | tcp |
| RS | 45.89.55.130:4047 | clepdhunt.duckdns.org | tcp |
| RS | 45.89.55.130:4047 | clepdhunt.duckdns.org | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e1b45169ebca0dceadb0f45697799d62 |
| SHA1 | 803604277318898e6f5c6fb92270ca83b5609cd5 |
| SHA256 | 4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60 |
| SHA512 | 357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e |
\??\pipe\LOCAL\crashpad_1224_JJQXJJYQEZCVCQBD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9ffb5f81e8eccd0963c46cbfea1abc20 |
| SHA1 | a02a610afd3543de215565bc488a4343bb5c1a59 |
| SHA256 | 3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc |
| SHA512 | 2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c9c3b4dbdbfa4fb9c7173ac70b5fc8bb |
| SHA1 | 6f3fa38b382e842e7d115a3f10ff460a16b77108 |
| SHA256 | b92df0b40895dd5e86c754fcd2c9c807def2062eba27bd4b1ec6297ebef26f0b |
| SHA512 | 52ada1ca7da456e348067b92081df1da7fee642d35e0e362642dc959bd53added425fbcb4cd69825b8e5bd8dfdbb908feaf436cff85a897588a20dbcd9aec53f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bec49837-d83a-4031-9c86-46fb5a11ef3c.tmp
| MD5 | ef28046cd23c3b7a40856c3c832a9757 |
| SHA1 | 474ea84cb4dc66c8cd5e7cedb5ccdf616969605c |
| SHA256 | ee26ee136d4d24d943b0da25d8a184985486807e9940f2603c8c40cdf4838991 |
| SHA512 | da09af9216480894da2d41bf32954b6fde28675f118f59c68e8de08bd18c81d022400ba62c29985f5ecf78b4abfc6ea81a0b86e7e15fc96daaab8918ca8fdd67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 359d35cf453d47cf1eb8bc53e7315569 |
| SHA1 | 2967fe325af4b9758d57449ac1ad47e4ba04d3dc |
| SHA256 | 61ca069d293dc1644e89cfd2440a62d1656494e55bd051d36d94dbbd26018433 |
| SHA512 | 6847000480e8ceca566a3771b780f91669d44328b168daff763c747e14b097c10546ef7676b5eb60cdb3e9a3bb38e0cc908c831ac0fa09ed2399e9a91f64cb5d |
C:\Users\Admin\Downloads\55a71ae2-a782-496f-9e19-0392b6ceeed3.tmp
| MD5 | 20ed592d9f0de74064d47efea045de9e |
| SHA1 | 7799642c21888dfdcf01a2e453b54a61ffd6b426 |
| SHA256 | 7d24984bc73adaeeeb2cdaf9da6562799b58524f2ef55770d274d66d438cd1a9 |
| SHA512 | 18a6a458c4975e840161f788709d1db83331bea71f4d7ea949d87998b4dcd34773128017fe9f45b71d656ae5a5a8cbd2f2213c702f578307123909f1c0abcc8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e9354d1ba552b5f436cb873630aa71d5 |
| SHA1 | 1f4ce826468f74f2d20d88bb6d318cc0ad39bc78 |
| SHA256 | c6b73a7d7aded6ec72518cb33a957b3f1176ae93a2b0100b90f745888168ae8a |
| SHA512 | a45ec9c95760433a39ccd24f9259cdc80d2e1d95ca8819942104d49a91bb91d391e0a7d0e40f4fe587978745448dd2d74c17cfb8bbdb4d29c7a810af391b50a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 77a854295e3ba87e5019dcfc0c479c9a |
| SHA1 | 7e7465d86fb82cbc75eea4c8e0b9e10fc89f5caa |
| SHA256 | 7cc8ec070142182b10f3ddfaf18b913f7c9cdc1298a1d280e7b61323848188a6 |
| SHA512 | a1c08e882bf09d9f6fff2be72bfb109cf1ca6ea83c15150a424032f32db4a8abfb19fca47560a866c568bf0976796b344de68e5e6bdeb37f9c80614d63b6ed1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a3d1.TMP
| MD5 | 428abd634f15d1527aee60b13e92138b |
| SHA1 | ab8a5ce3fe5413c064b0522a880cf8455f075cb8 |
| SHA256 | bfbb4366aea6fa4dd2d30e1ed533ac8d546984d28089ee7fd5cc28d5f42aa7c4 |
| SHA512 | 6597d0ef51851dd931b2697fd7e1c34221d561d9f7abf418bb61a44d4099504ff30932fae463e87c8b594b524eb57ff65eaf0e32b13ea4829552d6fd14e84f2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0d1b3475c13b09689e6ef0b556d68af79b7b3495\index.txt
| MD5 | 23f29718d868007774e59f89dad2a81f |
| SHA1 | b3965763e55d2827bfe285904ee2363ceb365fa2 |
| SHA256 | 5f8fa1a979cf6d03287535133ccf430dae4a1ca7cfbbcf2a04e383c330acb632 |
| SHA512 | b9606e3a2fe52f5575fa5e7bbbec8df95fbb34894569eccfea43bf508b4ee936bbf0813023c1d5050650c9e1591f8bba1fb2142ac6965dbaea979e5620dfdab0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0d1b3475c13b09689e6ef0b556d68af79b7b3495\index.txt
| MD5 | a9151c3ec7115af99cee1e01e0277ca0 |
| SHA1 | 7f3bddb7cb0be43bd198d88f53e0c3dc126e3629 |
| SHA256 | d49c4c4a69c175fc56e6f0c5688be89f99445f15de7dfe2630b3c1fcf547371f |
| SHA512 | d3fcc1f6731a2849126547a541401ac355532bda7d13937a63cd1e95388b3175a3c14fbc39e2b0dba2c7b17e6b98de96a53ebbff51b71e5314004cd0f948a340 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0d1b3475c13b09689e6ef0b556d68af79b7b3495\813ee0fe-e5f0-4a14-b55e-fbb2fd3d30c9\index-dir\the-real-index
| MD5 | 140a8f9ea5dba80e18fa1cdb892a6908 |
| SHA1 | 31724f62f92582effc26740c1dc594e958a2d6aa |
| SHA256 | c9fb227ca24db334e256a41351aec45cfb70858c86cf1c348b11863d8e488466 |
| SHA512 | 5ab5d414a02b86bbe4e7db39b22a87f2267661a3c0c8a16606177d4d7c215f40cbb01bcc6de669ae3e280d2d2fc9a2c778c0340fb672538aa4da40b39a773eb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0d1b3475c13b09689e6ef0b556d68af79b7b3495\813ee0fe-e5f0-4a14-b55e-fbb2fd3d30c9\index-dir\the-real-index~RFe57a671.TMP
| MD5 | f7c750d370b5c2e74a122e5b76a8ae57 |
| SHA1 | a4ab6309c2e20153dc809c28f03008ea93295291 |
| SHA256 | 06042b42c47414fcee23ac555f75dc80a44d2b025acef76156b44f3935fe5411 |
| SHA512 | 8ca416537ee4a4ebeeb72c3b5aaeeae86a181ed925c57c21d749920cbaa7dd1638290bc5c9506111873d263b157f5697b307b34f42fb442bebd0033ceac01c20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 95a56ed11de889edacc169530e0507b4 |
| SHA1 | 591a1833a6bab5a770c73d01fcce04d5f7292ffb |
| SHA256 | 5132a34be2e37b00383f900080353fe3354d012ac3b2790625bacdbc76976d58 |
| SHA512 | 6ada8510674047210c5b684061eb75c9961befb7de3a2c030b090db3760736dcc22de1e4bfe5eefc3c55a533a4e2a18c7696ecd47eb2d0ee3e261839844f7fdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | ed81f95b5be1955ab92f877d411f7a64 |
| SHA1 | e76076611ec090474236d7a04129292aa4b33837 |
| SHA256 | e981192090afdd980bbe217129ab199fd9dbf9e57142b895951741ef404c6614 |
| SHA512 | df3f2bc210888f1c7959f78bffe8b5e714ac610d0afbb124affbee6b25347238910e45bbde1e6e63e0fc9e6a638c90a4d94441633ec38efe3020b3b8b1855f76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a671.TMP
| MD5 | bb46b1c83afa85e74468ea7f15880cfe |
| SHA1 | 7aaa3451d04397358485c2b4a2f9061ff72f91ea |
| SHA256 | 83fe29504d6c0388cbeb0714be2592c1b9a0634877151e2633d7ad5012fe326b |
| SHA512 | bbd545864639d42a923e7f9b097bc93291ca910bb6759b349e21620408983b40c9ece3ba0d8392a736974c48332812cec5dcb16bec16ed0e685df94e05eb8fb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b6c29ce4956cc1f3de9ad91583136199 |
| SHA1 | 035273b7edd028103f0ae269b3301c6f6c298dea |
| SHA256 | e6944f304d404841f0393bc5ab4f2f79ac4653610454f69a6f0118342f4377e8 |
| SHA512 | 0d681bed5b43806b1281bf4eca5af8fb857dcef2ec1815f4bdd4d80027747a41b966050659588b72a83358ecc87535be535bc321e6cdc1770053b48a07c7af5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3ee5abf0fd354723cdfeb455a237382d |
| SHA1 | 268718abcce0ee91792bc1bfeeb2744ccd0684c8 |
| SHA256 | 6a8604dac5ddf147be33d96b917824da60430fa0d7c16a32770055ec6be1af2b |
| SHA512 | 0a9cc0e8cd4b1385cb04ab3ee0c913c6b534d2526fb72738cd168765ce633a429ad5cdf9e34d4a862f25b8ebc2c2f7adf443db90aed6c7120f43383c4794a535 |
memory/468-265-0x0000000010000000-0x0000000012DB4000-memory.dmp
memory/468-266-0x0000000010000000-0x0000000012DB4000-memory.dmp
memory/808-267-0x00000000001D0000-0x00000000001D1000-memory.dmp
memory/808-269-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-270-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-273-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-272-0x0000000000410000-0x0000000000492000-memory.dmp
memory/468-274-0x0000000010000000-0x0000000012DB4000-memory.dmp
memory/808-275-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-276-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-277-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-278-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-280-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-281-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-282-0x0000000000410000-0x0000000000492000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 08498d41e869b9b5094b6f60a7e43f71 |
| SHA1 | d7de688ba531cce78d8c9aacd3b646ec42b5c78e |
| SHA256 | f4db17b3ee1f6614dbf88fcc9f29e8faf5a10be06305a05d631670a53e30bdb3 |
| SHA512 | 62a5eb0dd79e618842c8158a283d49e30b3dd826b2df3b58820e8bbe8e2aa46700bfb6b42501c4b4b838824b30fb3707b2c51e1a3368c6f031a36d690a02f782 |
memory/808-298-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-299-0x0000000000410000-0x0000000000492000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | abd6905a050505a7b96b8f39af7f5ca0 |
| SHA1 | 8ba7ba24839e0a6fd6dcd2add687355d5461e50f |
| SHA256 | 6f5efb2d88bc7417de91a748bb7cf2e81d14272d88e09d1e7f96bcd1d337d1dd |
| SHA512 | 7ef8c3dba8aa623b67ebdaa8ca25c46380c048fb72565398b2083d199b4e17d229e1716ac12803a92831ca32312b207ac5c7cc6a9df88c98251503025d4f61b4 |
memory/808-309-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-310-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-311-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-312-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-313-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-314-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-315-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-316-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-318-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-319-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-320-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-321-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-322-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-323-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-324-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-325-0x0000000000410000-0x0000000000492000-memory.dmp
memory/808-326-0x0000000000410000-0x0000000000492000-memory.dmp