Overview

overview

3

Static

static

3

Patch-BBT.exe

windows7-x64

3

Patch-BBT.exe

windows10-2004-x64

3

Resubmissions

03/07/2024, 18:16

240703-wwggda1gmk 3

03/07/2024, 18:15

240703-wv5gta1gkp 3

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2024, 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Patch-BBT.exe

  • Size

    2.4MB

  • MD5

    537cf278960705c0682c2a443bf235a4

  • SHA1

    3305446365a260f3d2e2d5437cccb6dff5816ed9

  • SHA256

    e2b3c3d7de982f2a7abbc34300cba1dea4d52af24e88b4d944ff938fbfa479c3

  • SHA512

    0fc0a73a29b6c2b10a654ce47130c703253d23ebeb3e12c24f30ff60ce367ed316d69d24daf1e72a53c8e1faa2e57beec515543b1849b4ccc49e1327db8e4848

  • SSDEEP

    49152:nB+Sz9p93mo5O3xT46FemiJPRQFoQ1vIn0OhmHhE9u8m+:n/j3Vg314fmisyQtIn0SmHh+uc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Patch-BBT.exe
    "C:\Users\Admin\AppData\Local\Temp\Patch-BBT.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4844
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://glasshousecommunit0.wixsite.com/blackboneteam
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4332
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9348d46f8,0x7ff9348d4708,0x7ff9348d4718
        3⤵
          PID:3852
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
          3⤵
            PID:1632
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:644
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
            3⤵
              PID:4024
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
              3⤵
                PID:3548
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                3⤵
                  PID:4468
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
                  3⤵
                    PID:5004
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4708
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                    3⤵
                      PID:2200
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                      3⤵
                        PID:2492
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                        3⤵
                          PID:2836
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                          3⤵
                            PID:5312
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5364 /prefetch:8
                            3⤵
                              PID:4304
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5388 /prefetch:8
                              3⤵
                              • Modifies registry class
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3988
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                              3⤵
                                PID:2976
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
                                3⤵
                                  PID:5152
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
                                  3⤵
                                    PID:5540
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                                    3⤵
                                      PID:5624
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
                                      3⤵
                                        PID:5908
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
                                        3⤵
                                          PID:4356
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
                                          3⤵
                                            PID:5512
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
                                            3⤵
                                              PID:2836
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
                                              3⤵
                                                PID:5528
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6327334272850670818,1817816215056984750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
                                                3⤵
                                                  PID:5596
                                            • C:\Program Files\VideoLAN\VLC\vlc.exe
                                              "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DismountSync.mpv2"
                                              1⤵
                                              • Suspicious behavior: AddClipboardFormatListener
                                              • Suspicious behavior: GetForegroundWindowSpam
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SendNotifyMessage
                                              • Suspicious use of SetWindowsHookEx
                                              PID:3956
                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                              "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
                                              1⤵
                                              • Modifies Internet Explorer settings
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SetWindowsHookEx
                                              • Suspicious use of WriteProcessMemory
                                              PID:3772
                                              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3772 CREDAT:17410 /prefetch:2
                                                2⤵
                                                • Modifies Internet Explorer settings
                                                • Suspicious use of SetWindowsHookEx
                                                PID:4248
                                            • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                              "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\Desktop\SyncOut.dotx"
                                              1⤵
                                              • Checks processor information in registry
                                              • Enumerates system info in registry
                                              • Suspicious behavior: AddClipboardFormatListener
                                              • Suspicious use of SetWindowsHookEx
                                              PID:3444
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:812
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:3616

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                                  Filesize

                                                  471B

                                                  MD5

                                                  63a2d2b4cdc269762fe4bdb8cdfde7f8

                                                  SHA1

                                                  5cce14e5285ce9844b164d37de9f4ad0acc7880f

                                                  SHA256

                                                  8e323e0354939fd301d8db011a0b007476c93e0e048100922e3e59e34b04f716

                                                  SHA512

                                                  db3b35b23c3088fdf8f5215d8f9149e717d871be0c7b69541aba232e6f829e18d9d074b53f173387985a3ba4df1c016ec5b75f4387d6123c6c1ba3113c43dec9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                                  Filesize

                                                  404B

                                                  MD5

                                                  89ed05cf47d81cc3a5d560c7f323c230

                                                  SHA1

                                                  e843e4a9379c665725573051d937401f3a2a665b

                                                  SHA256

                                                  0059042b7d9947b1c6c948c138628b7e94062dcd85d018a6635f29936907d6b4

                                                  SHA512

                                                  36036ea704eb640874025bb0d36599d39599d8392213df0d0bbddd0d2ef95faf2d38407aa6d6580295fc6058aaac73ecbc71ff01cc21e28e92340fe7c0f84a3c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  c39b3aa574c0c938c80eb263bb450311

                                                  SHA1

                                                  f4d11275b63f4f906be7a55ec6ca050c62c18c88

                                                  SHA256

                                                  66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

                                                  SHA512

                                                  eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  dabfafd78687947a9de64dd5b776d25f

                                                  SHA1

                                                  16084c74980dbad713f9d332091985808b436dea

                                                  SHA256

                                                  c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

                                                  SHA512

                                                  dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  acf8a27beccfcd441e10a9c00eead265

                                                  SHA1

                                                  b18c00535a56506052ede7e0647644cf71556960

                                                  SHA256

                                                  ba799e0bf75a499552fcdd9b58a4e9d9724e2732fc18653704ca2ba63cf2bb03

                                                  SHA512

                                                  2765fbb167ef44ad46aa85bd60eae4746fc0d26db5e7f3ac1d8452bdb10c2ca3b4dd0c7b523a248405916eb34cf62fad57a84186f2349aa61d21d8b1dadf9c0e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  111B

                                                  MD5

                                                  285252a2f6327d41eab203dc2f402c67

                                                  SHA1

                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                  SHA256

                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                  SHA512

                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  55975c0bfaa649312997d441a0714b1c

                                                  SHA1

                                                  ecf6e425a6f1df2b4df4870af311ad035653913e

                                                  SHA256

                                                  cbc88cf33be84641f40f412ae94ce80507dddbf3ea6c1f4745934757d601db9e

                                                  SHA512

                                                  c30627c0bd8aaf5cf5816562a4414076a35ce8ff13173415763ce3bf5e06c02ba542592c7ee2433d53f7ee31bf64ba60d2748784ba47e43876c5673e42e0df84

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  5c69c33c5428daf734d9e1b7c9b91742

                                                  SHA1

                                                  f6c7b11661ac04931bbf0e8bdb80eb7d081ffce9

                                                  SHA256

                                                  909429bed4b357a1b22366a270ae3a67ed0232b17246d077b26ff6566b3ca9ce

                                                  SHA512

                                                  c470dc633df0ffad2738484273cb651fef90a6dd94c7af4b3efd543da74dad383ae1c4a5fc88e4dbf709ee4b95a6ec2ab2b4f2e054831fa79a4baa37b002a8e2

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  7KB

                                                  MD5

                                                  a887128b46c33d176f0a35475f86cebb

                                                  SHA1

                                                  93e675e582c7ed30a267981699c35a67359d736d

                                                  SHA256

                                                  8948d305ff9cc037210df064e7928c1fe1da6bdddd56e4ee65502fcfe8cc5200

                                                  SHA512

                                                  6c4e44578847dc426521adc5029c1cb96e552970c838c82ae563c99baff65059283755694418e9b4a11d1f537db2bc9b8fe13344572f4868c006db22ca1dc14d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  f182412ec2cd6e6648ddb33c6d44fee3

                                                  SHA1

                                                  de8a98d1df4747a9f777b2753e8550294f713982

                                                  SHA256

                                                  20cebb88cccbee97ecf88435f1d11a055da24fbc3210702e4789cbe2ca6fe258

                                                  SHA512

                                                  f86111f4e6c2afeffc83a84d4536883e9124314a0480d2393625bda115f17b690d754d43be28509c505737bdcc1391d6b828e0e111c0bc09b9dfb0fe7281f685

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  8ee6fe09130c4b3325ce31f34d694841

                                                  SHA1

                                                  b2364170c5fa73423e179dc5cd4e290f7d75d4a6

                                                  SHA256

                                                  c34798fde9546b263bd9feee8ab6e94d19b7f8f591d51d941b91864f5b3c7c62

                                                  SHA512

                                                  e2f3b4c5c34a01f5d54f6e2e86aab123be7e4d7b83a7fe71598d9790624d285b77e4d9d5c60d0c88b3e2ce3e67d3efe3245a1e50696e8cf1f96ddfecdb2dd162

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588e02.TMP
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  a7389897b00fbc12ae7ea2d3fbd11e6e

                                                  SHA1

                                                  2ec99d6020e4145d4ea1881cc580a47aaa04f9e6

                                                  SHA256

                                                  a86f84db43ac501d53e1849b7a222364fa90f761626e4c2684e08a0d4435b5ae

                                                  SHA512

                                                  9ad5c0f403038491cec7084331939921118136f52e0e2d89ce6fea8267942b94ee98c8f5ce622f900ca4186df4f67058e815a0f46a26b85c7d5c55420dd272cc

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  6752a1d65b201c13b62ea44016eb221f

                                                  SHA1

                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                  SHA256

                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                  SHA512

                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  50248c3bf92a10fcfdac9c2f4a65a9dd

                                                  SHA1

                                                  2f29744d6688ef5dede1a978709e739075228272

                                                  SHA256

                                                  ae04802648f370ae5b202a2b5fd9dc16cd08aca6d16d9af58f765069d0c97a95

                                                  SHA512

                                                  e37c16bacdf22377a2be987c0f436826d533ed0e4e0e9bbbcb3984bbe9d0523959077a320db56ca3c78196a7cc3291a117d6472c4aebb6737811ee39af9d3474

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  29b783735cefb6628544382e0f0590e7

                                                  SHA1

                                                  c95ddf56b4d8f55498a957594bcffd0f3f3d9e41

                                                  SHA256

                                                  24bfc2b6684a6b4ed451be43e87e2729cc475eb610ec0867316d38a297410911

                                                  SHA512

                                                  002a09a4cbb7a5ef336085ece0b53a35dbe97a31e0eeed42b58687f24e5f101d2b916dd5e88a5941a198ea5cbf4f1647de3db81e7edbc31afdf2818e7de18166

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver53F7.tmp
                                                  Filesize

                                                  15KB

                                                  MD5

                                                  1a545d0052b581fbb2ab4c52133846bc

                                                  SHA1

                                                  62f3266a9b9925cd6d98658b92adec673cbe3dd3

                                                  SHA256

                                                  557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

                                                  SHA512

                                                  bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  916eb0308ebe88dfbeeb379c41146b6f

                                                  SHA1

                                                  9a75ed99e2d0c86207eaf197cd6e9d9e7bdf7646

                                                  SHA256

                                                  e9698dc4e7b99698b26bf993003d3318c06a46cb758686006bb255892ae2df2b

                                                  SHA512

                                                  6f8bac880e742a457436f8f54f0f6da9d9076b383ab5a00a7beac91160e72d81bd9b111a9f9b13a52d2e875d405f50a185a26d794a143260973c5d8134e7ac77

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  4396510018bb8f4687240a75af19db40

                                                  SHA1

                                                  62303128d935cbe075197b4a1ef885d95a3fad2a

                                                  SHA256

                                                  890009d015695e7acaf04e61ef69f79031ff2c9429cff364fda9aaff20ad72ad

                                                  SHA512

                                                  e0e2a1283280d7684ef91dad6b148ee3fcfe7598b852ad9ebb1822488c598e8cb42baf2e626de87f5722b3d04db6b088899078101e10590a5bbcc0c8407208f8

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\suggestions[1].en-US
                                                  Filesize

                                                  17KB

                                                  MD5

                                                  5a34cb996293fde2cb7a4ac89587393a

                                                  SHA1

                                                  3c96c993500690d1a77873cd62bc639b3a10653f

                                                  SHA256

                                                  c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                                  SHA512

                                                  e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                                  Download Submit

                                                • memory/3444-46-0x00007FF918E30000-0x00007FF918E40000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-47-0x00007FF918E30000-0x00007FF918E40000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-103-0x00007FF918E30000-0x00007FF918E40000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-104-0x00007FF918E30000-0x00007FF918E40000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-102-0x00007FF918E30000-0x00007FF918E40000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-101-0x00007FF918E30000-0x00007FF918E40000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-52-0x00007FF916DD0000-0x00007FF916DE0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-51-0x00007FF916DD0000-0x00007FF916DE0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-50-0x00007FF918E30000-0x00007FF918E40000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-48-0x00007FF918E30000-0x00007FF918E40000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3444-49-0x00007FF918E30000-0x00007FF918E40000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/3956-30-0x00007FF94A3C0000-0x00007FF94A3D8000-memory.dmp

                                                  Filesize

                                                  96KB

                                                  Download

                                                • memory/3956-34-0x00007FF938A70000-0x00007FF938A81000-memory.dmp

                                                  Filesize

                                                  68KB

                                                  Download

                                                • memory/3956-45-0x000001E9FDE10000-0x000001E9FF67F000-memory.dmp

                                                  Filesize

                                                  24.4MB

                                                  Download

                                                • memory/3956-39-0x00007FF937720000-0x00007FF9387D0000-memory.dmp

                                                  Filesize

                                                  16.7MB

                                                  Download

                                                • memory/3956-40-0x00007FF9376F0000-0x00007FF937711000-memory.dmp

                                                  Filesize

                                                  132KB

                                                  Download

                                                • memory/3956-77-0x00007FF937720000-0x00007FF9387D0000-memory.dmp

                                                  Filesize

                                                  16.7MB

                                                  Download

                                                • memory/3956-41-0x00007FF9376D0000-0x00007FF9376E8000-memory.dmp

                                                  Filesize

                                                  96KB

                                                  Download

                                                • memory/3956-42-0x00007FF9376B0000-0x00007FF9376C1000-memory.dmp

                                                  Filesize

                                                  68KB

                                                  Download

                                                • memory/3956-43-0x00007FF937690000-0x00007FF9376A1000-memory.dmp

                                                  Filesize

                                                  68KB

                                                  Download

                                                • memory/3956-44-0x00007FF937670000-0x00007FF937681000-memory.dmp

                                                  Filesize

                                                  68KB

                                                  Download

                                                • memory/3956-37-0x00007FF938820000-0x00007FF938A2B000-memory.dmp

                                                  Filesize

                                                  2.0MB

                                                  Download

                                                • memory/3956-38-0x00007FF9387D0000-0x00007FF938811000-memory.dmp

                                                  Filesize

                                                  260KB

                                                  Download

                                                • memory/3956-29-0x00007FF939250000-0x00007FF939506000-memory.dmp

                                                  Filesize

                                                  2.7MB

                                                  Download

                                                • memory/3956-32-0x00007FF93BC80000-0x00007FF93BC91000-memory.dmp

                                                  Filesize

                                                  68KB

                                                  Download

                                                • memory/3956-33-0x00007FF93B620000-0x00007FF93B637000-memory.dmp

                                                  Filesize

                                                  92KB

                                                  Download

                                                • memory/3956-28-0x00007FF949B40000-0x00007FF949B74000-memory.dmp

                                                  Filesize

                                                  208KB

                                                  Download

                                                • memory/3956-35-0x00007FF938A50000-0x00007FF938A6D000-memory.dmp

                                                  Filesize

                                                  116KB

                                                  Download

                                                • memory/3956-36-0x00007FF938A30000-0x00007FF938A41000-memory.dmp

                                                  Filesize

                                                  68KB

                                                  Download

                                                • memory/3956-31-0x00007FF93BCA0000-0x00007FF93BCB7000-memory.dmp

                                                  Filesize

                                                  92KB

                                                  Download

                                                • memory/3956-27-0x00007FF641100000-0x00007FF6411F8000-memory.dmp

                                                  Filesize

                                                  992KB

                                                  Download

                                                • memory/4844-0-0x0000000074D0E000-0x0000000074D0F000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/4844-9-0x0000000074D00000-0x00000000754B0000-memory.dmp

                                                  Filesize

                                                  7.7MB

                                                  Download

                                                • memory/4844-8-0x0000000074D0E000-0x0000000074D0F000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/4844-7-0x0000000074D00000-0x00000000754B0000-memory.dmp

                                                  Filesize

                                                  7.7MB

                                                  Download

                                                • memory/4844-6-0x0000000002A70000-0x0000000002A7A000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/4844-5-0x0000000074D00000-0x00000000754B0000-memory.dmp

                                                  Filesize

                                                  7.7MB

                                                  Download

                                                • memory/4844-4-0x000000000AEB0000-0x000000000AF42000-memory.dmp

                                                  Filesize

                                                  584KB

                                                  Download

                                                • memory/4844-3-0x000000000B380000-0x000000000B924000-memory.dmp

                                                  Filesize

                                                  5.6MB

                                                  Download

                                                • memory/4844-2-0x0000000007530000-0x0000000007B86000-memory.dmp

                                                  Filesize

                                                  6.3MB

                                                  Download

                                                • memory/4844-1-0x00000000005B0000-0x0000000000814000-memory.dmp

                                                  Filesize

                                                  2.4MB

                                                  Download