Overview

overview

10

Static

static

10

v2.exe

windows10-2004-x64

10

Resubmissions

11-04-2024 17:53

240411-wgrc2agf82 10

11-04-2024 17:50

240411-weydkagf52 10

07-03-2024 21:32

240307-1d2rtafd3x 10

05-03-2024 03:22

240305-dw4ykadb7x 10

26-02-2024 08:40

240226-klbmlahd92 10

25-01-2024 23:42

240125-3p3jlaagej 10

10-10-2023 00:01

231010-aaxetahb7s 10

14-07-2023 13:07

230714-qc385seh7w 10

11-07-2023 13:35

230711-qv314aad81 10

Analysis

  • max time kernel
    152s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-04-2024 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    v2.exe

  • Size

    121KB

  • MD5

    944ed18066724dc6ca3fb3d72e4b9bdf

  • SHA1

    1a19c8793cd783a5bb89777f5bc09e580f97ce29

  • SHA256

    74ce1be7fe32869dbbfe599d7992c306a7ee693eb517924135975daa64a3a92f

  • SHA512

    a4d23cba68205350ae58920479cb52836f9c6dac20d1634993f3758a1e5866f40b0296226341958d1200e1fcd292b8138c41a9ed8911d7abeaa223a06bfe4ad3

  • SSDEEP

    1536:vjVXKif7kaCtHM7qpo6ZQDtFnNi+ti09or2LkLpLik8ICS4Ao3uZs/WVEdz725sK:J1MZwlLk9Bm3uW/Wud2K36cn/wCY

Score
10/10
sodinokibiransomwarespywarestealer

Malware Config

Extracted

Path

C:\ProgramData\rdx2o789ek-readme.txt

Family

sodinokibi

Ransom Note
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rdx2o789ek. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A35682333E0C09FB 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/A35682333E0C09FB Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: zc0sO1jsuu6lhmlfx2julgVLn+bAnpSHAJDiDtOtZ/uPT0EblFcrAFtXxytqfcOx OkFMgUGBhm9bV1B+eM/DLQZMY28D70UnDtaNKYTv54w7GOU/fJDoHYelCEm2h32l t9ajq9QqpGra289oyT6emTh9DX1qF15wxLKDVHHxYDG5wziltqdG0EFZ8E5k905O qGMmePLGtz/CzOto+3bHvRQiuwnhEfL/EZqGS/z21B58Ej3WVRJoAPSwKWOolAkm kqYQty0ffqTLAT8/ZdTC+wE7czrKdWpgpva+3dzRdyPv4QgOYxRowS1RTJeV6z7V m1O/35Qg9CYK23N8xhiCr/vGxnM8RRYMDrpE2QCTGM7HRlesNGzJgYdnsfM/IMr/ fkB75Kxw87L4kz5ciyED2Dt2mJBftqkwzhZ+NygIfbHXXkZHPipxy3GDTkapBYpm kizb1Jw+wfFpv5PFmnNzXEQuKbT/QqfMOAW29Sj0xER/8lEqOcCDuw9nCTUcnY3M Sy0LECPK44z4J3knq7HUYvYHWYK2KNjPZW5oWW+k2Eh0LeIvOPPW8AYSPmrpWYMr RBbrHPX8NTfW1SFBzqMvdYORh4XRwCTiVptinBsX/zqzjH33MYbOusFHZV3KLl4H Zk4KeLP2W+RODm4eaHOKqZgfFT++4U+99W6QBBFeyZTrCEf+P5ZlTAxdkqjEKxrp l36wmDmQqxSKXPT/1OqgzNeMBmiybRr/Sr74xVR30ohBsgNL/8jezlUHTop7ikUl 1Ijlzo9rNKJXflnHyCjQ9qyP5XQVWTEzIcspuylLPFzPC1JEn6CrRgCuJN2kst9V Z125YIM5WjrtpaF/dJU3bpX43Jf8KuXf78OUi2MUE1GohLvcEuTc+AhoFSuXtZhF B6w3R7GyYLrzmbSYbxI/ku785Pe87+dTMPe8+u2A8EUxyDdpOmDeQDbi2ClmRoUJ J3oFc+svTXR4Tf77Hc5Fh3GUxKILIkHvMcUEYSM9thCKzSHHthjBOSoISoHD9/GA umcL1wJgiKKy1gqUhUuszMO2l03buv1p0LeRELvyJ1cdXBjuiAWwDP+OKui9PB2D gTlAjQO9wUeP1oEEwYcQ/rdSO2luYg3vgwQ/ey7SFRtXviOufkBbfI6xDXoFSjJW logJoyTFVYXgK+veZtZuI6FY2DUH2aQmU7GeWLjF8qnqbOgna7WFHn1lJCQ/2Bfk LVkNFN4nfir14rDJiBc1vfZ3VmKORKlnpQH/reHnteje/amstHW3Fi94ew/vbXER ucZAUj5TrCI/zVa4/VoCH960wtdVLXvRYBaeewamaGElTGXG7vrWXwT7hTn7THh/ 9Ewa3PfD/5B1UkCYN8B1cKwVoYeih61xrLuE0K0yN2f/9Rda ----------------------------------------------------------------------------------------- We will use the data gathered from your systems in future campaigns in 14 days !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A35682333E0C09FB

http://decoder.re/A35682333E0C09FB

Signatures

  • Sodin,Sodinokibi,REvil

    Ransomware with advanced anti-analysis and privilege escalation functionality.

    ransomwaresodinokibi
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 32 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\v2.exe
    "C:\Users\Admin\AppData\Local\Temp\v2.exe"
    1⤵
    • Drops startup file
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2368
  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
      PID:5088
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2168
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2996
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\rdx2o789ek-readme.txt
        1⤵
          PID:6124
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
          1⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:4148
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc209246f8,0x7ffc20924708,0x7ffc20924718
            2⤵
              PID:5232
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
              2⤵
                PID:5352
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:5332
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
                2⤵
                  PID:5380
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
                  2⤵
                    PID:5652
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
                    2⤵
                      PID:5880
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
                      2⤵
                        PID:5604
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
                        2⤵
                          PID:3964
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
                          2⤵
                            PID:3004
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                            2⤵
                              PID:2608
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3508
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                              2⤵
                                PID:1500
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
                                2⤵
                                  PID:3888
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                                  2⤵
                                    PID:5124
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
                                    2⤵
                                      PID:5420
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11498870868541568806,7930953864236573700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
                                      2⤵
                                        PID:5840
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:3476
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:5732
                                        • C:\Windows\system32\NOTEPAD.EXE
                                          "C:\Windows\system32\NOTEPAD.EXE" C:\rdx2o789ek-readme.txt
                                          1⤵
                                            PID:5284
                                          • C:\Windows\system32\NOTEPAD.EXE
                                            "C:\Windows\system32\NOTEPAD.EXE" C:\rdx2o789ek-readme.txt
                                            1⤵
                                            • Suspicious use of FindShellTrayWindow
                                            PID:3960
                                          • C:\Windows\system32\OpenWith.exe
                                            C:\Windows\system32\OpenWith.exe -Embedding
                                            1⤵
                                            • Modifies registry class
                                            • Suspicious use of SetWindowsHookEx
                                            PID:1868
                                          • C:\Windows\system32\NOTEPAD.EXE
                                            "C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
                                            1⤵
                                            • Opens file in notepad (likely ransom note)
                                            PID:5868

                                          Network

                                          MITRE ATT&CK Matrix ATT&CK v13

                                          Initial Access

                                          Execution

                                          Persistence

                                          Privilege Escalation

                                          Defense Evasion

                                          Credential Access

                                          Unsecured Credentials

                                          1
                                          T1552

                                          Credentials In Files

                                          1
                                          T1552.001

                                          Discovery

                                          Query Registry

                                          2
                                          T1012

                                          Peripheral Device Discovery

                                          1
                                          T1120

                                          System Information Discovery

                                          3
                                          T1082

                                          Lateral Movement

                                          Collection

                                          Data from Local System

                                          1
                                          T1005

                                          Exfiltration

                                          Command and Control

                                          Impact

                                          Resource Development

                                          Reconnaissance

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\ProgramData\rdx2o789ek-readme.txt
                                            Filesize

                                            7KB

                                            MD5

                                            767f8ed826b8ba850c8dbf16292b374a

                                            SHA1

                                            c6ae82d86590b1dd11f8ac97ece034c22db40abd

                                            SHA256

                                            743565dafbc576e9fa5360d90cc0b3e9ab0192f74257615f62613acf4286efe0

                                            SHA512

                                            41d664e54eb1ae412fc6ef604f56a8af69fc868550068844f3b4b2e4455d7da6356444b87db591ff6d30a6a208f8991b77214cc0ac1a97e916cfdf0a78118927

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            7c6d0df684a753a0833d5f03055d8458

                                            SHA1

                                            c33b2c1600fc04a090cc0809b54b80c7c90717c9

                                            SHA256

                                            9161544ad952e103ac764a2391bcd0cfd6f1d1f8af55d3b4f97d77cf46e7253f

                                            SHA512

                                            496de5ac7fe58c06090c8fccb841815fb8d23cd9fba6a0bfeea73ff30db028d93901addc4dad9a8cd006fb8d7bb9df2ce585dd95e918eca1493a5527e4a969e3

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            a080b85d22d6145228600e2d2deaeef0

                                            SHA1

                                            c325634ed40b6b67c14d74bea5162944b7f32bfb

                                            SHA256

                                            12f4541b08edbf0c358087a88a277919b557eb825d6a20a05ff78a5482693b15

                                            SHA512

                                            033131d89482f342f0c69a47ddd13705d1d99b8dd11ac198f1a19e3de1fde22151facce36a3f7064fa2e8deb78697f3df85af3ddfd8f35c9cda86c7b97df4423

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
                                            Filesize

                                            44KB

                                            MD5

                                            5ac0c7a2a515c9d67c6bab10e9ee3081

                                            SHA1

                                            881dc8c9da7dc23b265f5e2deb262c7acb783fe6

                                            SHA256

                                            141098557426fb9c5e3a1bcbbdf81d7c272b92313d751000cf78dd619971dc76

                                            SHA512

                                            f069e17aa8b786c1fccf05b3e931a1e4c1ff74d9b95e54a0611130607fbe7fdb1ef7e3ef7aacecec701b0b7269164da7860e2c11b09c77e1bb9dfcebb7788f8a

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
                                            Filesize

                                            264KB

                                            MD5

                                            593f729a7895986225aba8b5f3e2b99e

                                            SHA1

                                            0909712e06eb3347ec319702388d886238fb31cb

                                            SHA256

                                            9353e2cf8aa670f9ec7911b1382f4ababc164a792567f3db19309f0e3d026e19

                                            SHA512

                                            285551649c2175a7d1d5adf21dd7e0ac1e20d6957d65a711ced7fa6d6afd88831bfd312ce41034d37d3dc598a4eb626cc468a6644aed270bd709d54662ccb581

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
                                            Filesize

                                            4.0MB

                                            MD5

                                            be0981ef8d1134b9c9f19c89a60037f7

                                            SHA1

                                            a60a42b40a59acd326b6ae424f3f1a0ec620ba7e

                                            SHA256

                                            36409d74777c05c7f054c6eeb6f2b639b612677677dca40904b843750d2e479e

                                            SHA512

                                            f8244fdee89e580debe48db42da22ed6c484fd5ac630e4012403d7ceeb1662af0d04b90ff97f9be87f80682e828e038337e486abafc521562aa3a2651d71c72b

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                            Filesize

                                            70KB

                                            MD5

                                            e5e3377341056643b0494b6842c0b544

                                            SHA1

                                            d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                            SHA256

                                            e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                            SHA512

                                            83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
                                            Filesize

                                            322B

                                            MD5

                                            899ce3e9a64fd964a8709d74b4fefe17

                                            SHA1

                                            ff2c6469d29660763241bb37400348b50fca96f2

                                            SHA256

                                            0d189b4be64d66f16ec21bc3a13d9b37c93eab74ce820e1aac88981ac4dd3e59

                                            SHA512

                                            2f36c7b11f2ca36dbefded1533ea0e33dbc2536828694cc2c77b7236f0483aeb50c0d8ac0e1a795c7b0d916ed29c758e9041f96b6d12c496c42b078c724e97ae

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                                            Filesize

                                            331B

                                            MD5

                                            5ed4da7954fb63c1c75ebdb0ca9e7f34

                                            SHA1

                                            9f561c7451a26730d8c6be809bea1ad6bb98961f

                                            SHA256

                                            24c2ab0b46e898c5e96a4fe2ab736b47b56c1ab13833f40ffc468d3078e54307

                                            SHA512

                                            b71638df4b689967d72ab49cd2da5d0d1f682fe3e8bf7e41cb824b2a4250e768ccfd0caba6a9db890ec669773c924d23df53f09b93657b7030a81fc3fb129beb

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            bd6c472db87764d15bf0b2ce071ecba2

                                            SHA1

                                            c79785a7babe9226234de3f8eb3e3a78d7b459ca

                                            SHA256

                                            6360ab86533f6e4e14730fd20e49cf230945a246692c168900a473d735847b7b

                                            SHA512

                                            adb39653b51b8a97b71cdf177dc993c73d719e59dd58417332992a10c87eff0aadc84c7f0d74f5929dbf9a1050eab970dd586b5c6c09c7c293ad1809badf761c

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            85a7eae0b5b88ee767418dd3033ae30c

                                            SHA1

                                            a0329bcc6565e003d256c3265e219d7f13b00a7b

                                            SHA256

                                            741d3a9d5f6a52bc85ff03e139eca70b45e6d85c543b083d5e30cfd9e827fddc

                                            SHA512

                                            7ad75edc3698176a83d0aab15560bd7d91d0164b27b0350807d98fe8f067c32de837772aaa819c2d07b424908c772e93f80a74e0e668db8496087bf658053ef0

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            7b5b65d344b90c3b7eea54962a710437

                                            SHA1

                                            565ab6bd624aad5b7a97629a79226dd0af1d7782

                                            SHA256

                                            40152f92c6f8b0c00a3d4f28e46450f48ed58ead0b5749c192d66d476bab1012

                                            SHA512

                                            7e52f24d8cbccc1bf5e6b695cba071947b7398374abafc21982117427b7d3713b8bd9102e0ea2238269c88f806628765aaaf0bd040487cffcae1523f1dbd11d6

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                            Filesize

                                            24KB

                                            MD5

                                            5b2cea66cc52717de1f148f12f2318ec

                                            SHA1

                                            c712fc76b646b78e2355a6b0a775c15b226ade36

                                            SHA256

                                            364db53390fb32f06c45f5e3b9a14ba995a9862058761f6d3069dce0ce80b764

                                            SHA512

                                            cbada8242f2f6f1c37e1b90f9c3d8d4d7e7aa54c501f0765064011345abd83405940fd04337529a386e808387a6eff27fb823eae417084891233cc92243ad332

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                            Filesize

                                            24KB

                                            MD5

                                            d9ca38e66a40a8f107795903ec9cedd8

                                            SHA1

                                            1e3440c1796d0bf295c8432307c070f4662dc6db

                                            SHA256

                                            dd14ac9715e321dc0a6dd7ff223893d4bb157a97c46e658cb225b7927e4a9585

                                            SHA512

                                            7901541a3b9c4afbab6b5f29b92f4572ac8d62001590df5118119a249f7925ad62e0b4f52a5e077c3656bb417587f1ad897bf762859aebf078d994adf142cae0

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
                                            Filesize

                                            137B

                                            MD5

                                            a62d3a19ae8455b16223d3ead5300936

                                            SHA1

                                            c0c3083c7f5f7a6b41f440244a8226f96b300343

                                            SHA256

                                            c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

                                            SHA512

                                            f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
                                            Filesize

                                            319B

                                            MD5

                                            20a9a40d1d00a098c2bbe516289518fd

                                            SHA1

                                            edf89a659d2df9c214eef9876dbbb2010d552452

                                            SHA256

                                            bedb8f4567e139bae31a559b467373efb1297e0d9507f2a102b5ff36ced9cbef

                                            SHA512

                                            8c9e843109ef40ec7a1b1e04d606db71dba485b6d2b2a0d07a836f66b1227a7bc8a545142572d3eb013536a6048e2b72225635a42ad796e7b4221195260c5a89

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13357331530747229
                                            Filesize

                                            1KB

                                            MD5

                                            08477da0f1b3402980a863f3500e9057

                                            SHA1

                                            2ced21a86b8a7a7eb3f1c3c5fbc278898edf0619

                                            SHA256

                                            57426281aed5e32044ce26a0911a560c00b2367f63d70f833a796a5b1a987b21

                                            SHA512

                                            1db8b4db9c9dcc309a753e106593c6ac3b2a281b34835e097199e5ff6ba4e5433db18c83eee917baaa48e287aad52752bcfa6beba802b43da028e383fb04311f

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357331531067229
                                            Filesize

                                            933B

                                            MD5

                                            e839a10fca889712feebb46ad3854318

                                            SHA1

                                            eebd267136bb419bc8a0de8aba26576caf97a5e0

                                            SHA256

                                            b9ce8ff2a7b9f8b1d67fd450af9c78f95496852a47aca8c21ba943769de41974

                                            SHA512

                                            b66f0ec0bdbceed0512ed4c9eafcc36126b5af4abdd04fe48cc8dc7e05ca1f1b3938137ea1023ae17454e29e06ef97956a2b9ced271ef2563913a4c038b756ae

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                            Filesize

                                            350B

                                            MD5

                                            e3bbb18642d8dbe93af46aaef42b98ea

                                            SHA1

                                            deb021031a70f6e6338d294a06208b39fa9c2417

                                            SHA256

                                            ce7600fd30fc40dce4c424bfce06646667304538c42874385f453f4a830f0dc4

                                            SHA512

                                            b9fa0e128fcc8246efa0d22ca51709745b7b8e31f9b52ffa0fa4c60f4bd32592f97df134919de21f81ed29ff0ec6aa88968ba801cefa3f74842127d52af4be55

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                            Filesize

                                            326B

                                            MD5

                                            0c5de0caedaa04e45b89d6bc8a5dae12

                                            SHA1

                                            282e4dd7be51de22f6e6b1169836d1f5bf184b00

                                            SHA256

                                            25e04e9837e5cc0bde2734240f4222792f1916f74003227e159f1b2e075141e4

                                            SHA512

                                            bf5ea4928f2b7a0a4930f906267abdc7ef1db2b77c2fdff14128e4f32719766875bbd3a0bf51f5c18fd55d0e34f2c64f2655fc110518fde4430bdde948d1b9ea

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            6752a1d65b201c13b62ea44016eb221f

                                            SHA1

                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                            SHA256

                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                            SHA512

                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
                                            Filesize

                                            139B

                                            MD5

                                            9c5ef30cc19321cc97627a367f601dbd

                                            SHA1

                                            7872acb991c7f100d3d1d0ccb94f1cd03b3c1c1d

                                            SHA256

                                            b16f489de8941973886b0142604bdd2bdc96bd0bf0a5d6cca96f4b6c96a23b09

                                            SHA512

                                            5ae54b8729bccb6587259242afb7e2e965e4da0b3bb2a64d43811869f45973e6421af21cf22d74b2ba3b815cc93d4116a18e5e204b1d3c8eaa99e8517220cab3

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
                                            Filesize

                                            50B

                                            MD5

                                            031d6d1e28fe41a9bdcbd8a21da92df1

                                            SHA1

                                            38cee81cb035a60a23d6e045e5d72116f2a58683

                                            SHA256

                                            b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

                                            SHA512

                                            e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
                                            Filesize

                                            206B

                                            MD5

                                            6f5deb01a798ca228d72141645e7c047

                                            SHA1

                                            3c3cf12d95e07c7e67182ee86b5817daaf2da6b8

                                            SHA256

                                            66950cfde0ba8429fd16a63bd02e09e3cbf615dcaa34628a2e854cab22848bdb

                                            SHA512

                                            ef7207a711ab35a0b30444d8cd1b2628115a89fcde79b90ee15fae73d4af1692559ec728f12059c116599b182e0a871a79d08f7d246e436beb0caa74b74508a2

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
                                            Filesize

                                            322B

                                            MD5

                                            941c9af8f2e80ce6ffaa5ce69fa6e2c6

                                            SHA1

                                            c03ab56381558dd8656f691f9d2d965246536c10

                                            SHA256

                                            d9cdae4bc3e0fc2d7b210cceae548d0274f339ba201d76defac6554f3d826d28

                                            SHA512

                                            ace8e0843c868429189db1942e7d382f198da4c7c43d56f1ddd9df30939d9e098573569f703e523a58b74ec8c85b752c28039da03a3464c933d3ab00103de185

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
                                            Filesize

                                            560B

                                            MD5

                                            c49983c0c01fb338ad3db971fb24b87a

                                            SHA1

                                            bb75ac3a57f32f06c57ca18a18485166f3ca4510

                                            SHA256

                                            fa8040287447ed8cc1f0b5f053effc5e4d4c9cae67d79c92c12a36fc92ef1d88

                                            SHA512

                                            282ee2e489efb1f8a967ceae856cf094e563ddf22a8b17cd17deb615269e30f3e8e960213928b5aff44e628e6258a878ab89e591fe88f8babda2d991787b47f4

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
                                            Filesize

                                            340B

                                            MD5

                                            1bb56f961fde0560cdf6d8a5e45303df

                                            SHA1

                                            71e5e415d526618407303b08350ca277f4ec0f0a

                                            SHA256

                                            4a70501fd9c5e6dea698c7ffcbdcb5ac463e7a23930cc903d2310bf111af4b0d

                                            SHA512

                                            858636f3a5d8fc916dbe52f7fa54b07e380307b3555606fa3c2e8c30569927c67ec49c26f56809c570e98702becc8c7f05205ef56c78cc6b9512634a1b92e1a4

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
                                            Filesize

                                            44KB

                                            MD5

                                            0d1570b41793aa89bc59d5f1347f7b62

                                            SHA1

                                            73795846623d43fcce4a24cabd4e49334690fb6b

                                            SHA256

                                            933c66cba5758992b887c2e127834c501caffd521a4669e093f83352e56497d8

                                            SHA512

                                            7610b876abff6450b241ae81273999f51b5967e1a486c9ef2ad6eddcad62d94fb8a1429edd56a48729902366b0235adf6ffbb32b45f049d89aef3647cc4585a7

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                                            Filesize

                                            264KB

                                            MD5

                                            0cd25ef3b2657aab49166140471e63c4

                                            SHA1

                                            1f4f3bbcb36bf891a6bf4ed9f76f02cdddb0526b

                                            SHA256

                                            6cef701e62eb0f258209dd5955df0300fd834d61098cf5d92f368b4f1a9667d7

                                            SHA512

                                            7f273146850913bbc1c6e0cb1d9c0ac67beed15c05f65bea5dbcf3e26dafc331e62f6bb07033a7fea5a71d96aaf063fecaf726f28a75b737a40c6dcb1aa54bb6

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
                                            Filesize

                                            4.0MB

                                            MD5

                                            446bce5ba63a0a00bb79b6de9707cb70

                                            SHA1

                                            f6ac41ca0e219b9090ed807161ec304944d021f1

                                            SHA256

                                            c911974680aa4b324891dc734a657f3f345e67d837341335fd4caf224801a9b0

                                            SHA512

                                            7a6910d745b34c5ec8096256548eea222ac310259384cc8b08623d77a61165ceb2e774052602da43ce5cb2f918277d1fcaa660d34191a6bd923937138dfcfb5f

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            10KB

                                            MD5

                                            60be8f2cc59b704b3415f9adfb92e326

                                            SHA1

                                            768beab13b8eb1938cc77dfe35a8553dbafa613d

                                            SHA256

                                            231c1aa5d8df427323a21c5ed9500e75b390f4760801cd6a9818b13d5b6492a3

                                            SHA512

                                            478cd232382cc1d2ca03642e1af544076b0fef88c13c9c7e347676c1e045043214cdb0efe9d030677aa8d1eec952b56e21aff0e398f411f650eb3f2c270bd13e

                                            Download Submit
                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State~RFe58fb82.TMP
                                            Filesize

                                            10KB

                                            MD5

                                            9439cf375cfef3c1e78b8ae3d3fe0adc

                                            SHA1

                                            78b41d0cdf5f8138946f556facf38be7e091bf61

                                            SHA256

                                            39d706012aeb27049385cf42e04276a7f71be0aedc97cc07d807eecbe582cff9

                                            SHA512

                                            733a30edb653989c432212588fa0db810bbaaa5a97c97ce8407d1c053f1e7f6ce28b05a6864ee192e416d03695fab7931e8790ae2a060fac342c062e4683f10b

                                            Download Submit
                                          • C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
                                            Filesize

                                            170KB

                                            MD5

                                            a5a15ed9aed042f2c54d58076aac88c8

                                            SHA1

                                            1e33b343011b8d7cf489246b169327e5eb07190e

                                            SHA256

                                            d1c38b8a2c35057c3dde6e86de06e111fc45774d0809d171e887880b7b8ae2c5

                                            SHA512

                                            5d62f9780f95b510c738cd16ae8928a47ffafe2e9db69175bdee67c8984155235f70d492784ab69c159cca4ff6820c021ae97ca2d1cd1893fc5e8c8760a9cbb4

                                            Download Submit
                                          • \??\c:\users\admin\appdata\local\microsoft\edge\user data\crashpad\settings.dat
                                            Filesize

                                            384B

                                            MD5

                                            883a7ed954386b32f9d368d09bbd5323

                                            SHA1

                                            cd53f137d9cf5a4d62caa47d72be6bd1119fd321

                                            SHA256

                                            cfd59d2424f5978ea119a585cffead72b7d3f0e7842f4bb32a7d3cfa8ebe623f

                                            SHA512

                                            c71c2d3bccbc992f4a8d8d75ddd144e5619aa84cf6a7cb034918f8f8c99ea7fcaa17c56c49d51f8f1aceb8099b8501fd626438a4f79f4d5d64af05e5f5319aba

                                            Download Submit
                                          • \??\c:\users\admin\appdata\local\microsoft\edge\user data\default\Secure Preferences
                                            Filesize

                                            24KB

                                            MD5

                                            3adb3b22df3f705bff78a834793db053

                                            SHA1

                                            9709dfec4154c044dc6e0943af7121aad6df7c3c

                                            SHA256

                                            07d1fcb54af3641a8caebad3718ade8bc2092362661debc2480992f8419a62a0

                                            SHA512

                                            5dd524bdaa5c4b898187569ec4b9f7db1ff8da1b80771076d26716286b74f3ac86000dd34387e30e34592b79d2ee0d5be00a69b3480742c1f4d9bf50d3662a1f

                                            Download Submit
                                          • \??\pipe\LOCAL\crashpad_4148_RCKLAKVTZAPRPQNB
                                            MD5

                                            d41d8cd98f00b204e9800998ecf8427e

                                            SHA1

                                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                                            SHA256

                                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                            SHA512

                                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                            Download Submit