Analysis Overview
SHA256: a3bf251467b84ebd22359e7b2c8b0d9c50fcbc035445116d596e063281872e1e
Threat Level: Known bad
The file VenomClient.exe was found to be: Known bad.
Malicious Activity Summary
ElysiumStealer
ElysiumStealer Support DLL
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Program crash
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported: 2023-03-16 22:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-03-16 22:26
Reported: 2023-03-16 22:56
Platform: win10v2004-20230220-en
Max time kernel: 1757s
Max time network: 1710s
Command Line
Signatures
ElysiumStealer
ElysiumStealer Support DLL
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VenomClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VenomClient.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8f48b74a-73b9-4cbc-a2bd-dfff15032b65.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230316232643.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\VenomClient.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "8" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 = 78003100000000005456e2951100557365727300640009000400efbe874f7748705651bb2e000000c70500000000010000000000000000003a0000000000e04c4e0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\NodeSlot = "11" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\MRUListEx = ffffffff | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "10" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\NodeSlot = "12" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0 = 50003100000000005456d59e100041646d696e003c0009000400efbe5456e295705651bb2e00000084e1010000000100000000000000000000000000000000127e00410064006d0069006e00000014000000 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = ffffffff | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295" | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\VenomClient.exe
"C:\Users\Admin\AppData\Local\Temp\VenomClient.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff986dc46f8,0x7ff986dc4708,0x7ff986dc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1288 -ip 1288
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 1084
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7ee505460,0x7ff7ee505470,0x7ff7ee505480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4468 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484 0x3fc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,16550715327641917450,11449872179288183740,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3832 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\VenomClient.exe
"C:\Users\Admin\AppData\Local\Temp\VenomClient.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3644 -ip 3644
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 1056
C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper.exe
"C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper.exe"
C:\Users\Admin\AppData\Local\Temp\VenomClient.exe
"C:\Users\Admin\AppData\Local\Temp\VenomClient.exe"
C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe
"C:\Users\Admin\Downloads\ExtremeDumper\ExtremeDumper-x86.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\AppData\Local\Temp\VenomClient.exe
"C:\Users\Admin\AppData\Local\Temp\VenomClient.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1744 -ip 1744
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 1132
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff986dc46f8,0x7ff986dc4708,0x7ff986dc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8365540637008005045,4209033203535586897,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| NL | 8.238.179.126:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.176.139.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.146.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| DE | 104.126.36.122:443 | r.bing.com | tcp |
| DE | 104.126.36.99:443 | r.bing.com | tcp |
| DE | 104.126.36.122:443 | r.bing.com | tcp |
| DE | 104.126.36.99:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 122.36.126.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.36.126.104.in-addr.arpa | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IN | 20.190.145.142:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| IN | 20.207.73.82:443 | github.com | tcp |
| IN | 20.207.73.82:443 | github.com | tcp |
| US | 8.8.8.8:53 | 142.145.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 32.18.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.73.207.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| IN | 20.207.73.85:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.73.207.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.182.141.63:443 | | tcp |
| US | 8.8.8.8:53 | 97.238.32.23.in-addr.arpa | udp |
| NL | 8.238.179.126:80 | | tcp |
| NL | 8.238.179.126:80 | | tcp |
| NL | 173.223.113.164:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| NL | 173.223.113.131:80 | | tcp |
| US | 131.253.33.203:80 | | tcp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | ufile.io | udp |
| US | 104.21.66.22:80 | ufile.io | tcp |
| US | 104.21.66.22:80 | ufile.io | tcp |
| US | 104.21.66.22:443 | ufile.io | tcp |
| US | 104.21.66.22:443 | ufile.io | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | client.crisp.chat | udp |
| US | 8.8.8.8:53 | image.crisp.chat | udp |
| US | 8.8.8.8:53 | settings.crisp.chat | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 104.18.29.91:443 | settings.crisp.chat | tcp |
| US | 104.18.28.91:443 | settings.crisp.chat | tcp |
| NL | 142.250.102.155:443 | stats.g.doubleclick.net | tcp |
| US | 104.18.29.91:443 | settings.crisp.chat | tcp |
| NL | 142.250.179.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 22.66.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.56.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.29.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.28.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.102.250.142.in-addr.arpa | udp |
| US | 104.18.29.91:443 | settings.crisp.chat | tcp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 104.18.29.91:443 | settings.crisp.chat | udp |
| US | 104.18.29.91:443 | settings.crisp.chat | udp |
| US | 8.8.8.8:53 | client.relay.crisp.chat | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 8.8.8.8:53 | store-eu-hz-5.ufile.io | udp |
| DE | 5.9.136.216:443 | store-eu-hz-5.ufile.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.169:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 216.136.9.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.25.221.88.in-addr.arpa | udp |
| DE | 5.9.136.216:443 | store-eu-hz-5.ufile.io | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.195.152.in-addr.arpa | udp |
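The Network table above mixes the sandbox's own reverse-DNS (PTR) lookups, Edge and Bing telemetry, and the GitHub browsing that fetched ExtremeDumper in with whatever the sample itself did, and the "Legitimate hosting services abused for malware hosting/C2" signature in the summary does not say which host triggered it. The Python script below is an added example, not part of the report or of any sandbox tooling: it parses rows in the table's format (re-aligning rows with no resolved name, where the protocol is rendered in the Domain column and Proto is empty), drops PTR lookups and the listed browser/analyst noise domains, and returns the remaining file-hosting and unresolved endpoints. The sample rows are copied from the table above. The noise and hosting suffix lists are assumptions; ufile.io is the only file-sharing service in the table, so it is the assumed trigger for that signature, and unresolved direct connections are returned for manual review rather than labelled as C2.

```python
import re

PROTOS = {"tcp", "udp"}

# Assumed suffix lists. NOISE: traffic the analyst VM and browser generate on
# their own (Edge/Bing telemetry, the GitHub page ExtremeDumper was fetched
# from, the ufile.io page's own third-party scripts). HOSTING: the file-sharing
# service the sample is seen reaching; ufile.io is the only one in the table.
NOISE_SUFFIXES = (
    "bing.com", "microsoftonline.com", "github.com", "githubassets.com",
    "githubusercontent.com", "amazonaws.com", "crisp.chat", "doubleclick.net",
    "googlesyndication.com", "cloudflareinsights.com", "identrust.com",
)
HOSTING_SUFFIXES = ("ufile.io",)

# Constructed sample: rows copied from the report's Network table.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| NL | 8.238.179.126:80 | tcp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| IN | 20.207.73.82:443 | github.com | tcp |
| US | 8.8.8.8:53 | ufile.io | udp |
| US | 104.21.66.22:80 | ufile.io | tcp |
| US | 104.21.66.22:443 | ufile.io | tcp |
| DE | 5.9.136.216:443 | store-eu-hz-5.ufile.io | tcp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
"""


def parse_network_table(text):
    """Parse pipe-delimited rows into dicts with country/ip/port/domain/proto.

    Rows with no resolved name are rendered '| CC | ip:port | tcp | |' (the
    protocol slides into the Domain column); those are re-aligned here.
    """
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        if proto == "" and domain in PROTOS:
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def _has_suffix(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify(row):
    """Bucket a row: ptr (sandbox reverse lookups), unresolved, hosting, noise, other."""
    d = row["domain"]
    if d.endswith(".in-addr.arpa"):
        return "ptr"
    if d == "":
        return "unresolved"
    if _has_suffix(d, HOSTING_SUFFIXES):
        return "hosting"
    if _has_suffix(d, NOISE_SUFFIXES):
        return "noise"
    return "other"


def extract_iocs(text):
    """Return (hosting domains, endpoints) worth carrying forward.

    Endpoints are unique (ip, port, proto, domain) tuples for hosting traffic
    and for unresolved direct connections. DNS queries (udp/53) contribute
    only their domain name; ptr and noise rows are dropped.
    """
    domains, endpoints = set(), set()
    for r in parse_network_table(text):
        kind = classify(r)
        if kind == "hosting":
            domains.add(r["domain"])
        is_dns = r["proto"] == "udp" and r["port"] == 53
        if kind in ("hosting", "unresolved") and not is_dns:
            endpoints.add((r["ip"], r["port"], r["proto"], r["domain"]))
    return sorted(domains), sorted(endpoints)


if __name__ == "__main__":
    doms, eps = extract_iocs(SAMPLE_ROWS)
    print("hosting domains:", ", ".join(doms))
    for ip, port, proto, domain in eps:
        print(f"{ip}:{port}/{proto}  {domain or '<unresolved: review manually>'}")
```

Run against the full table, the unresolved bucket also collects hosts such as 52.152.110.14 and 8.238.179.126 that Edge or Windows may have contacted on their own; the script deliberately leaves those as "review manually" instead of promoting them to indicators, because the report gives no process attribution for the network rows.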
Files
memory/1288-133-0x0000000000790000-0x0000000000B50000-memory.dmp
memory/1288-135-0x0000000005410000-0x0000000005420000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aaeb1f5e097ab38083674077b84b8ed6 |
| SHA1 | 7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2 |
| SHA256 | 1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef |
| SHA512 | 130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda |
\??\pipe\LOCAL\crashpad_4400_IODAOAUXEGCCDOXT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll
| MD5 | 94173de2e35aa8d621fc1c4f54b2a082 |
| SHA1 | fbb2266ee47f88462560f0370edb329554cd5869 |
| SHA256 | 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f |
| SHA512 | cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1db53baf44edd6b1bc2b7576e2f01e12 |
| SHA1 | e35739fa87978775dcb3d8df5c8d2063631fa8df |
| SHA256 | 0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48 |
| SHA512 | 84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912 |
memory/1288-163-0x0000000005D20000-0x00000000062C4000-memory.dmp
memory/1288-164-0x0000000005770000-0x0000000005802000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 47e94a96372e6f095b8a3fd7edc48ec0 |
| SHA1 | 377b68f34e5964ca8be1b1b0c1507dd7f0e5f005 |
| SHA256 | 15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e |
| SHA512 | 5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 88a89d53e7b0879412cc5fc2d9a7357c |
| SHA1 | 6529ae89ecdccdae7d62ee7acf94eced4e770ee3 |
| SHA256 | 46769f36e2451b76ce93bef9863877be7a81483fb82ec405a5272d7c79b6fb4b |
| SHA512 | ef1b45c8dbf8cf2cfc9c045d8e64eb931694c82d9be28d33ca9dd63ed335bfcfcdf01a14a82d892facc68e9c2cfbee0d0a360e08eaf7ff58c5aa5012eb17724c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
| MD5 | f82d676121371e0f2955f07879aa6800 |
| SHA1 | 0edbbe9a70c49be69516be4eec27249f67489762 |
| SHA256 | 6e73794c85ec23f31e512edd585f0d95b477ab9712143e9ad5171cc283e91e38 |
| SHA512 | a3d935d63dabe909fe8d714e27eb5298be05b377816ec986a7d2ead07ee78b8b77d2840d3ad5ba6d8952a70a519acb22b2aea695b3349f145b9778de4d5055d0 |
memory/1288-231-0x00000000056E0000-0x00000000056EA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 7fd9224e33854a1d8e5758d7b6fe22d9 |
| SHA1 | 2b4e8239b2a3fb143ea81a51c6433d6c208cada1 |
| SHA256 | a1453bb0d0b930db21911f95adac884d4935b754df6c2f94a0eac59f763a3f3f |
| SHA512 | 1fb09a663c73a1ee012798080d0030de855872645125cdb8567ca1498367ed31a120daadb93d94b4fb73e7c3bda063d8fef43b3cbd2dfa3f9ce1b048fb51fadd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ce930560548084e0107f62b4a10ac006 |
| SHA1 | 147ece15c6456ef66996005e6683fe3a22ca919b |
| SHA256 | 7296c53e886df1c0e108fd75cb8581740929a774656463f243de0ddbaa752166 |
| SHA512 | 4961174ba20ddcc40e137afbc29a2e128f26f856cad8acd94edad84d62df1bb495f1e6e25c1f871d2e2ea7e3618c25e4242d9206a2228e716e0429e8137827d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58124877-1c1e-4942-b73d-ca826c50174a.tmp
| MD5 | 7ccd16eda6ec50a3582275862bacb402 |
| SHA1 | a1d9f564a1b7292f877c29facf27b652a6c68d14 |
| SHA256 | f961fc878aea6df134259f192f163ff8eeca2028cb53af017d910804cdf2641c |
| SHA512 | 92c94be6aeb34deb08dcd18e9aa47dc0cbef59b4b5160e8dbbc2a922d4cf6359d201b428e9f2bf1236b057f4977885887a440a3bf19411b823de62df7b3ba063 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 10c44a94af3993bb9e490d573180f471 |
| SHA1 | a8d063ee011a1b1374cca6f09c10c970bc91f655 |
| SHA256 | 2b6e4e8ea90c9be224c5950becab46447689246ae669e2f46c28d098f6c32f98 |
| SHA512 | 9f16697167570adac0fc96896ed0f223be65c5ea7883af6676a89ca55db328b20c8b4aefe066e09559952dd830e5aa71fc3d994568a53cce9fe9821e003f34ec |
C:\Users\Admin\Downloads\ExtremeDumper.zip
| MD5 | 5a175dbbdd3ef221fc1cc8cda9988c33 |
| SHA1 | 5cc3f21a81438d8d24a82e3218541a00e51c6978 |
| SHA256 | fbffedf2a9420be03538f04bd80a69e35503f8d8395da76a9ac2518a65e1facc |
| SHA512 | b6cf84830ff72a84d333850b88e981d4e7f7a68334546978169aec992ea7fa13f4a1839039aea2d18a7c8ff9164bf174719184a92ad5567cff048c2fbf2f8367 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d0cd8168881a24042703109b263ef5a |
| SHA1 | cc3059783cde33d0601615c0160bdfa747db7b67 |
| SHA256 | 2e2471ff1c556e460bc39742331e1fd3bc4cd873cdd6d6f6ca7c9115551aaf0a |
| SHA512 | 882b5813df2fbe9ef4390f8f03bdd263b4f2728b874eb8eb2858afc0db38e20568d1e888e8596917e755cb8adad9725e984d07d361057b831782ff7707635ff4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56e12d.TMP
| MD5 | 16f45db5e980d787250551381a9efe21 |
| SHA1 | b567fe4e708061cb4a10c986625cef26193382c2 |
| SHA256 | 72e0625724f84e6d2e86bd16f32fedd219867e21a0818e9673a9769bc040c0ac |
| SHA512 | 251adb572d4d0fd66104bd1268ab31e1de99bd834d050d4237b389fb480da1995d4cfe223f1d05215ebe0a96467f71dcb05c92f01ce2978519eaa2126da72a42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bf3f0040a7e0fc46d057466ca875d0fd |
| SHA1 | 155cc7683c24ecc9b37ca243e3299328ecad568a |
| SHA256 | 0537d77d55907927d498f126ebcba9a6c10b94984efcf6a50b16378a406dc19c |
| SHA512 | 2c16a0a8e06ce3e9429877b4faae748869ba39cac9ae0078a034a5e1e314191940a41a3c17cdaa5b039c791f2af8a6e4f6422ad71fe97db6f1dcb31a56cc24f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0f864e63f43175d3fa44d596f9e8d9e1 |
| SHA1 | af92bde7028bf71ad4de9ec78a8284cc8c7844e0 |
| SHA256 | 6b224bdf9b8fc802b804043b9535c059840be1c22dcffeb540ab7d094ba880ab |
| SHA512 | 77e723ce1517c5ad78f5307e36b4fffd3b5110a8b4eea93da5f69ae57ec1830f4d59f37a1be47596c014ef53c0b0ba7f232122c4553ea0a0f08c48860fea6d34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7535129299d5f2d85ab0c757cbf54364 |
| SHA1 | cf8f0d641f078c8019a953b83b0253c555f4946e |
| SHA256 | b4c962dab49631bc1accf1e35ccef6c943f499193342a9569ba21e0e11f1572a |
| SHA512 | e8987a5698b63a3fd2795ceb50e996f6478f3e591cb7995c3e93ff838e458175c0d05443b0797c22a3f5aadcae5890f883949cda358be9e5fd4affae339c76c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 45aafa455fcbef5aac69d5c32f1ada6d |
| SHA1 | 5c1b3cc569f1b4ff5621f168e8bd1eab9efc08c7 |
| SHA256 | 04384d6b9f9b721781e6a8ac036f0d928b89b61d563e07e00710ab05d09ce02a |
| SHA512 | 15cfee38128b6e016ee101717ce27f8005413dbeed8cf9af161fc8d3bdfb5e1f95611ff64febec38f7a5a9dc145fddd19cefc36b632f4f23d7bc7d486c34dff6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/3644-653-0x0000000005380000-0x0000000005390000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll
| MD5 | 94173de2e35aa8d621fc1c4f54b2a082 |
| SHA1 | fbb2266ee47f88462560f0370edb329554cd5869 |
| SHA256 | 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f |
| SHA512 | cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798 |
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll
| MD5 | 94173de2e35aa8d621fc1c4f54b2a082 |
| SHA1 | fbb2266ee47f88462560f0370edb329554cd5869 |
| SHA256 | 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f |
| SHA512 | cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798 |
memory/2908-656-0x0000020D82B40000-0x0000020D82CEE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\CFA0B0B143E4C50194769B9A2552FFEF\64\extremedumper.loaderhook.dll
| MD5 | 2e40ed16499ba8ff681b9bfe8263cef8 |
| SHA1 | f89f7d11dc028bb3fa1437b0d0de1affec35f8a1 |
| SHA256 | 3577492fff8cd1dfdfae86f74e3d77a1aa672b49d18838355ce2a5bf86363f47 |
| SHA512 | 2f47d4a9f7ec6a7f7eaf605e571c85ba16b4421df9a15c801502af6488287f9ed6c5e7f3c2b29ae2b4f6169252d9ac9a7b91bc666557fa1501347b7de36493a1 |
memory/2908-661-0x0000020D830A0000-0x0000020D830B0000-memory.dmp
memory/2908-662-0x0000020D830A0000-0x0000020D830B0000-memory.dmp
memory/2908-663-0x0000020D830A0000-0x0000020D830B0000-memory.dmp
memory/2908-664-0x0000020D830A0000-0x0000020D830B0000-memory.dmp
memory/2908-666-0x0000020D830A0000-0x0000020D830B0000-memory.dmp
memory/2908-665-0x0000020D830A0000-0x0000020D830B0000-memory.dmp
memory/4216-668-0x00000000001F0000-0x0000000000336000-memory.dmp
memory/4216-669-0x0000000004D60000-0x0000000004F0E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\CFA0B0B143E4C50194769B9A2552FFEF\32\extremedumper.loaderhook.dll
| MD5 | 666bb02763fe5ceb4fff36db4d5cefad |
| SHA1 | 674045a63f4e7bec9312043a77e0f47b7009acb7 |
| SHA256 | 8b8c972255f75488d0b562df4df6a281d52911e39ceeb43e05801b4658ff358d |
| SHA512 | 484acddf07c4e5cca74cb728da4b34cfaa8df2b68f04880dfdef70ec708bc687976702a18703a814aa812f6e1312a45e7ee7ee7ec51dc365268208afb20f9127 |
memory/4216-675-0x0000000004D50000-0x0000000004D60000-memory.dmp
memory/4216-676-0x0000000004D50000-0x0000000004D60000-memory.dmp
memory/4216-677-0x0000000004D50000-0x0000000004D60000-memory.dmp
memory/4216-678-0x0000000004D50000-0x0000000004D60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\CFA0B0B143E4C50194769B9A2552FFEF\32\extremedumper.loaderhook.dll
| MD5 | 666bb02763fe5ceb4fff36db4d5cefad |
| SHA1 | 674045a63f4e7bec9312043a77e0f47b7009acb7 |
| SHA256 | 8b8c972255f75488d0b562df4df6a281d52911e39ceeb43e05801b4658ff358d |
| SHA512 | 484acddf07c4e5cca74cb728da4b34cfaa8df2b68f04880dfdef70ec708bc687976702a18703a814aa812f6e1312a45e7ee7ee7ec51dc365268208afb20f9127 |
C:\Users\Admin\AppData\Local\Temp\Costura\CFA0B0B143E4C50194769B9A2552FFEF\32\extremedumper.loaderhook.dll
| MD5 | 666bb02763fe5ceb4fff36db4d5cefad |
| SHA1 | 674045a63f4e7bec9312043a77e0f47b7009acb7 |
| SHA256 | 8b8c972255f75488d0b562df4df6a281d52911e39ceeb43e05801b4658ff358d |
| SHA512 | 484acddf07c4e5cca74cb728da4b34cfaa8df2b68f04880dfdef70ec708bc687976702a18703a814aa812f6e1312a45e7ee7ee7ec51dc365268208afb20f9127 |
memory/1744-681-0x000000006D430000-0x000000006D440000-memory.dmp
memory/1744-682-0x00000000007B0000-0x0000000000B70000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll
| MD5 | 94173de2e35aa8d621fc1c4f54b2a082 |
| SHA1 | fbb2266ee47f88462560f0370edb329554cd5869 |
| SHA256 | 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f |
| SHA512 | cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a28d9715d8005616a585fc23e5704949 |
| SHA1 | 94d5f2220be1d0bcfd784d1f68ede7f92dfd0885 |
| SHA256 | 6f97b6e419bd4b021c8cc3e4bf297f5453730243341b5457b5b11bbd96825057 |
| SHA512 | d956989edebdda2bce25a8bf58b5e5286c7a2505fa55a0ad66bf0451529fad4d4e843108497a81df7d0eab218572eebc9f139546375a1ecc60f8473713a8be46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0f864e63f43175d3fa44d596f9e8d9e1 |
| SHA1 | af92bde7028bf71ad4de9ec78a8284cc8c7844e0 |
| SHA256 | 6b224bdf9b8fc802b804043b9535c059840be1c22dcffeb540ab7d094ba880ab |
| SHA512 | 77e723ce1517c5ad78f5307e36b4fffd3b5110a8b4eea93da5f69ae57ec1830f4d59f37a1be47596c014ef53c0b0ba7f232122c4553ea0a0f08c48860fea6d34 |
\??\pipe\LOCAL\crashpad_5788_DKANJTIBVHOJEJPI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 8ae76c428ac9eed4f94308413c6870a3 |
| SHA1 | 119ef7c7972c14f9f2fe1e653cb415e969b55c73 |
| SHA256 | 84d7fb6b3b3b84e19d21093afd60751ed4cf4524a6b3431c422921b17ec1d665 |
| SHA512 | 7d95e47508a01f48ccd69bc5cd0f3c5ec35cf7271cd09e7e9d691ab71878ad3945184bda83f73106eb045d0fb04f70e7deaed6ff7731816e240b524eda6d1328 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | b9b16fdb188f9d546199bfd6be6a6462 |
| SHA1 | 141062468bbe1db47cc35b0738003d666eac7731 |
| SHA256 | cb52c48e442fea11b1debecf8611a664cf6a9c9ab5764d165ae8be93940087dd |
| SHA512 | d80493798ed4dc592891d80eab0c8e0ce33ac7402793078ac3848edc81e1cf603a971265310d6e2609ef5baa105812c73039df82b72dd3b9afcaa3d5746a10ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
| MD5 | 02bb816582ef5f33a44ce6c203a9ff85 |
| SHA1 | 0df747230c85496e86bc6452d9388bfffb3358f0 |
| SHA256 | 8455ea3ef5dac12cf9a78da52048f103a73a2d7b980632320c5be40b4bc5b85b |
| SHA512 | 7d38deb67df7ad3a8731048ad2c52f6b1acabe09b48b5e16f22a0787ff1d630c0c617832416650a3e4c2657c025af7f97658742a8eaa2581f3024c8882434dbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
| MD5 | f44dc73f9788d3313e3e25140002587c |
| SHA1 | 5aec4edc356bc673cba64ff31148b934a41d44c4 |
| SHA256 | 2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983 |
| SHA512 | e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 5b12591da612cabe0044c35dc5721c05 |
| SHA1 | dc1bfa8ee24f03235bcdff3bcad357ffb10f0d2e |
| SHA256 | 89302fca22e5c7502ccd596acf0c2700495742980bbe0de4916edcc9a2ad1f92 |
| SHA512 | b9ee7c0dd43723fc1cff4412dfa238fa4f6ac8ff9953c95445bc5638c24477d5971e18714badb5a4f3aa4b058d79d472c07b8a8434e5c919dc9e46e5a9409c6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bf3f0040a7e0fc46d057466ca875d0fd |
| SHA1 | 155cc7683c24ecc9b37ca243e3299328ecad568a |
| SHA256 | 0537d77d55907927d498f126ebcba9a6c10b94984efcf6a50b16378a406dc19c |
| SHA512 | 2c16a0a8e06ce3e9429877b4faae748869ba39cac9ae0078a034a5e1e314191940a41a3c17cdaa5b039c791f2af8a6e4f6422ad71fe97db6f1dcb31a56cc24f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | ab863439c9f8478dc396057d885ed26a |
| SHA1 | 233de80912615fe2b317c6c52dc3191ec3fdac81 |
| SHA256 | e2b716ab6087cf49da5c527eedb651d5091cdb5bee86c346e66f49af8a171531 |
| SHA512 | 10b7154fdb9d75103e73e72be18d00b8a9127a2e7d9d67460711ecb5e812632dca95bab205080e8b2e17860d8480b1f269b96192d9410060c1264234cf2e1c32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 021a4529a5dd4cc0f05d8eb3455d93b4 |
| SHA1 | 12e8eb26409141bd89e8bba162838dc6becce030 |
| SHA256 | f64730ab0eb97e395227e3242d94f84940df1eb8bb6d75e3842227bfa3a95b49 |
| SHA512 | cd1ca904b595298d22fe8ee0b5bfbd1ede33dd2601dc812f5b5d1c13e32794ae6a9c58129222634f92197d14b2976b3999bc977059144d6cfea42b1c833b1579 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
| MD5 | 55b557554d73713921f7f7b4f4cab963 |
| SHA1 | 1f7ab6194035dca65b9454fcae8783ab46d2a9b0 |
| SHA256 | 19fb29a051096b81925e7e9e861fb0d37977d1979cd4105b3e06ae2d323ef486 |
| SHA512 | e21933e1197bf3d31ba4d9734db3382b5d1dbf7aba223efe92fb88c582fa026d9bc28f5aca3fb4da80b13070ea056fb6e2f7905bb243c235029a1e8647b0c138 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 15d3b51293cbe20e099ffe9f3a77f2ae |
| SHA1 | 5b9c2cf3ee2ae84d5726e7c032224ac14a1ba057 |
| SHA256 | fe4c9ab4cf5594746978bb0901463d0aa85a8d35e8f7905f1b783ca38816e48b |
| SHA512 | 91a3bf747ace75f854126b79a5839c34580103b8711c13490814615405c64ada74757447edcb9e5b335d09a99b8a5afbf8c9ef72d9ae38a54567b109cb1512c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | 82abe0aefbb80e06ae11e563c769643f |
| SHA1 | 38348bcf5330c219ac50d92bcb0ce0c3ab2c78ae |
| SHA256 | 5345d0e54547ac532dbb15d7e0acaf2e15927cc05831f8346e7dbf5dd8a4954b |
| SHA512 | effe20c995c1e3a8394cf40ecf73b0f18220d889f79902129e2a2e0fe94ac5f7d0987cecee14711abf8ffa1c84a51129b9d48544ddffe416d5f007f098447566 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
| MD5 | 17779f0b68536f2a5cb2c00b0da5e212 |
| SHA1 | 9a0c6f83ac4737dcaf6fb2f61e94e7b99960ae5a |
| SHA256 | 6ef0504f0bba4ae05a915bc03934ffde155c8df7542f3c0116e29732760e6c65 |
| SHA512 | 7175af10a1a0c777f0f1d5d86de7bd7bf7f774f54870560feffb7737b4a9a058fb637057685783bdb40edff2c792c77c6419d61ee8472c70854414ab5f0bbc2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 44ffd6a26421bc9345af47b2c48906ff |
| SHA1 | 5a972bac730006182b99296566a4e4a768964e02 |
| SHA256 | 6b90ae7a9c1fd0927502fdf6954b7840399d607e29ab6456ab63bb421baf97c7 |
| SHA512 | 6395af0e6d618b5dcbe11c24b81ebf51c68dd4901f2bb02435b014f24c0a2f3afc6d75fbff37b6d77fa1226cf8a1fa897355334d637471cbf047bfc07aac3a2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 825165d7d840b1d956491fe9adc04284 |
| SHA1 | e0dadc69a911e8ed4f8650fbe414729b77129637 |
| SHA256 | 528c97a15072486f4aacafbff3545cf6b9cb117030d3d459e85746b188df78ea |
| SHA512 | 6ad1af3ab82ef4b77d6d85ade13b204eb0b9f605a0f013cace53457ccaf3ffa11c871e65c8ef31ce9d51d94ebfc5a81d25ff74c8731f7e4901e6221a83434c78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | 3b8e822d0b343d5b1342adbee0da6ce5 |
| SHA1 | 6164bc56510ea7f234c5c811b0ef8c0ac7b19c27 |
| SHA256 | 2c5edee8e14ed86c3e529fd5d111150eb2290b92076972db96b825eb4f910d47 |
| SHA512 | 244f815ecb82dfddcef8027f6e76d263279bb4f794a07f42215581d152611264d19dac8cd850727554bf7029a23f404f86b684d010cc0c76d137855757b864e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13323482812751255
| MD5 | e7e7f8e4f725eaadf094ee0356cea61c |
| SHA1 | 454ea537314e9426cc0c37ee58bd81efa2bbe03d |
| SHA256 | 52f986cc307a99161b103b86632ff0f393ed79e9a59bdb94f5bc779424369cd2 |
| SHA512 | 06fa969f3d5738cc6595769b175586502d818922c11c83f5697936b74cf388a11f4e67f78d25674d7e16be66e4bca8c8f913923e0830d93e79577654e81f37ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 9ae0829b765d2b56756e11c16d3eb1ad |
| SHA1 | 7f5474d92e0beaae7d6fcb61a1f3b35e9e6dd3f6 |
| SHA256 | a7e2e762ae2abc6f8d34a317df5f05d868a77046e58277b80999885424ce7213 |
| SHA512 | 3c69749bfd8620e9de62e62508c4ca1d67264f6d80420cd22e26726459fe3889f3cc536da2a89ccb8ba7763e694390c95ee69c28b05e4f446b668f5ec811d5c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 38a8a48f277d49b97a49313a17d20d41 |
| SHA1 | f0e10f2f24ddb77c07d9ce2ba695dbda6ce2cbf1 |
| SHA256 | 697869e841498e915eb4801713db6d60812fb514ad86154ded14995a7630bd44 |
| SHA512 | 4e3f5170a7e4621d6076ba0f54f629d2bf1872788a98ef3cc842a350f28df8a97998c0b52618d623d10715f924c807d8091e42232664da33cced2afe3354034c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 197c1a52a2e7e41cc124fa4831df798a |
| SHA1 | 04ac8f0354c7ed3f8219849616121b3f73f79af5 |
| SHA256 | 416942d0e12abb3b2dc688bd7a02d5242c366fbeadfd03d88ba5bfeb023630ef |
| SHA512 | 08f79aa63eeeafc6d21b21dcecee44885ee23c7776f6fc03971aa983d628bd35529e11dc3525743fe7bedfcdab80cad37d16ac7e4975a3d53c21badb24c7fc77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 9b30d4b2718ded913eb45c567ea53490 |
| SHA1 | 77ffea919c7869de38001ebec275f7d6e576225f |
| SHA256 | 88b797ad810ceaa4177352d77fbdbf54309664e9acb1fa67a8b026763d4acfe4 |
| SHA512 | 9e9d4d1601fbd3ba8c511f4bfb09e65c0ef664f7c61173f0d7c462ad9dba18daa25b59b72a91e2cbacb96931d70d7e702605cdfa5d51b79230b3427fefaed52d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7535129299d5f2d85ab0c757cbf54364 |
| SHA1 | cf8f0d641f078c8019a953b83b0253c555f4946e |
| SHA256 | b4c962dab49631bc1accf1e35ccef6c943f499193342a9569ba21e0e11f1572a |
| SHA512 | e8987a5698b63a3fd2795ceb50e996f6478f3e591cb7995c3e93ff838e458175c0d05443b0797c22a3f5aadcae5890f883949cda358be9e5fd4affae339c76c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | b3a2524f73b869b2a06334d76e2ac7a2 |
| SHA1 | 71136ffd8347c13eb1a6bbe0438134bee380d063 |
| SHA256 | ffd481bda0f1b58618a624d2c11e0b3e5ccb88d55202f5a81ba794debb1c71cc |
| SHA512 | f3dcf2365b3629944137f69e08e4618a1db59dece1e237c56a198825d784580742438987dc8e12da52d2ac1f0d3548fefe27d8e9bee91c16099fd0e5d2a9eeb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 514ca6f1a0077a017d4f9b542e825b02 |
| SHA1 | 3cfde44e8cceaea88d646c7b075df34125b0efc5 |
| SHA256 | d0bfeab2014cc9ea62328a1033ef59dc9ab9eba0d11ee248d612c9582615c28d |
| SHA512 | ab5c0962b735aaa8439a5dbb273cc7b8484071eb1d75ea34bad00df8dd3ad96bee97291ee6e30ba27d0343d516ecd974b28302e1e075df8f2d680c63067d24a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 236e76ecf093aed98776816acdd00eca |
| SHA1 | 07e2759c4a07ffb4d638ad2773421f28d7603733 |
| SHA256 | d09cd62f8cd755e82a251fe3c637f49cea29fcf0642b043b996c42bd36fc1264 |
| SHA512 | 84cae786668b108cf56e2295db8fbc35e31c0b24ce206ffbe3fc9c8a7453a25a11827f52cdacbd1837014cc9c3df6264316ab1222f631c6ceae2df5c1f51fb40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e489b82b-bcc2-4311-a79f-de1e33e4fcb6.tmp
| MD5 | 2b3376af44b2c01b08495b79509714ec |
| SHA1 | fb966acb73a7367cae31a189de01d2db5ec808e7 |
| SHA256 | 41e637e88f6adf71bb8f3d2c82b7fd7173d53f4005ecaeb545a13e3b0226730b |
| SHA512 | acd76b6ee3c7e4b707c6055f9c7eaab4d44ede6dd1d0009fc9322a0ffc6afce28259863b3324ed579a6d7a3617e9dae490a8ab6450830e20dd5f5b252f155d30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 205f5156fe99188582567591b5f5e00c |
| SHA1 | 3109415fb7fd2905b60627ce0c7b7922dad3cc5e |
| SHA256 | 66cb6af387cc13b5a30c27fdb6a89d4d3ce13e1c32ca2fe08f63360516a6c62e |
| SHA512 | 48604f576cb2f5a9d93dec266951721971881d2d14801bd7a5dec24902e4e1f149fda60aee0c4a70239f866df8a5ce2b273aa0311213e085b94cff08e6bf4637 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a108a765e0b4f4ca7f4084afd8c9f09b |
| SHA1 | 57f5dd312b01dc2b712d9358f000c112ae12b825 |
| SHA256 | b20db1fafe6057758717625a92a60453764b70d5fdf841daaf02a52ed94e1586 |
| SHA512 | ad374cc24278ff5905a7361b557056de7d8986716e512b6474febf28fb37ffcf0005c2f0e658d0fe22e19746c2281c57b41c68e5e340935737ed93989fa6981d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9966ace27c55b68733bbc5356f265c2a |
| SHA1 | 1a5be7072876f1c80536c3a922e0ef7b03f3f91a |
| SHA256 | 8f446ded6c59e5dbf63d6d7500dda1c52ef628449a703d9741acb6e20af4a09e |
| SHA512 | 8bdc350b7bc9fa5471cefb1d38b04f35852909bf298af57e4080631233a12c1b46dc9c5d8b8bd6aa00edf041acc30f2a0d37dcc12efc04bb7857b3fd76a6550d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 57e95f145be13aa771236e17f6977511 |
| SHA1 | 5250a1e15032603f09a168254b051082462429fe |
| SHA256 | 7d12d800c9c5c0c2837c87f976a84fc1cece3147a7a77bb09f9e8af7e32f8703 |
| SHA512 | afbc334a5556326284a786f287576ce0195a48caffa7a8111482f21a32613e18bcb88cdab65bb6a6ddccd3def20dc03969752730c64a20fbd55616502bb783ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | df3c426de9f44c469a9c4bc3788016a4 |
| SHA1 | d9e73576ea06ec1980ecc922fe1a7b04ff76d258 |
| SHA256 | 848daf5498d29c7cb0ea342a95276d0e72f093e0169395ba89de7d524012b01f |
| SHA512 | d86a1a90420e3d197bd67fa6054f53bde4b7804e127181645d9cb347429a1dc7f764068a0cf94ddfc14e7cd77a0f71c4b4cc29146e68e882b5c84e1bc32e14ac |
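The listing above is raw sandbox output, and not every entry is a usable indicator. The following is an added triage helper, not part of the original report or of any sandbox vendor's code. It parses the path plus MD5/SHA1/SHA256/SHA512 table layout used on this page, drops verbatim repeats, and buckets entries by how much an analyst should trust them as IOCs: the named-pipe entry carries the digests of zero-byte input (computed here with hashlib rather than hardcoded); paths under %TEMP%\Costura\ are where Costura.Fody unpacks assemblies embedded in a .NET executable at start-up, and the file name extremedumper.loaderhook.dll belongs to the ExtremeDumper .NET dumping tool, so in my assessment that DLL is analyst tooling present on the machine rather than a payload of the sample; Microsoft Edge profile files are rewritten by the browser itself. The sample input is constructed from a handful of entries copied from this listing; the bucket names are my own.

```python
"""Triage a sandbox 'dropped files' listing (added example, not from the report).

Buckets (names are this example's own):
  empty-content     all digests equal those of zero bytes (e.g. a named pipe)
  costura-extracted %TEMP%\\Costura\\<id>\\<arch>\\*.dll, Costura.Fody unpacking
  browser-profile   files under the Edge 'User Data' profile directory
  candidate         everything else; review before turning into an IOC
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the listing, in the page's layout.
SAMPLE_LISTING = r"""
memory/4216-668-0x00000000001F0000-0x0000000000336000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\CFA0B0B143E4C50194769B9A2552FFEF\32\extremedumper.loaderhook.dll
| MD5 | 666bb02763fe5ceb4fff36db4d5cefad |
| SHA1 | 674045a63f4e7bec9312043a77e0f47b7009acb7 |
| SHA256 | 8b8c972255f75488d0b562df4df6a281d52911e39ceeb43e05801b4658ff358d |
| SHA512 | 484acddf07c4e5cca74cb728da4b34cfaa8df2b68f04880dfdef70ec708bc687976702a18703a814aa812f6e1312a45e7ee7ee7ec51dc365268208afb20f9127 |
C:\Users\Admin\AppData\Local\Temp\Costura\CFA0B0B143E4C50194769B9A2552FFEF\32\extremedumper.loaderhook.dll
| MD5 | 666bb02763fe5ceb4fff36db4d5cefad |
| SHA1 | 674045a63f4e7bec9312043a77e0f47b7009acb7 |
| SHA256 | 8b8c972255f75488d0b562df4df6a281d52911e39ceeb43e05801b4658ff358d |
| SHA512 | 484acddf07c4e5cca74cb728da4b34cfaa8df2b68f04880dfdef70ec708bc687976702a18703a814aa812f6e1312a45e7ee7ee7ec51dc365268208afb20f9127 |
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll
| MD5 | 94173de2e35aa8d621fc1c4f54b2a082 |
| SHA1 | fbb2266ee47f88462560f0370edb329554cd5869 |
| SHA256 | 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f |
| SHA512 | cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798 |
\??\pipe\LOCAL\crashpad_5788_DKANJTIBVHOJEJPI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 8ae76c428ac9eed4f94308413c6870a3 |
| SHA1 | 119ef7c7972c14f9f2fe1e653cb415e969b55c73 |
| SHA256 | 84d7fb6b3b3b84e19d21093afd60751ed4cf4524a6b3431c422921b17ec1d665 |
| SHA512 | 7d95e47508a01f48ccd69bc5cd0f3c5ec35cf7271cd09e7e9d691ab71878ad3945184bda83f73106eb045d0fb04f70e7deaed6ff7731816e240b524eda6d1328 |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEMORY_DUMP = re.compile(r"^memory/\d+-\d+-0x[0-9A-Fa-f]+-0x[0-9A-Fa-f]+-memory\.dmp$")

# Digests of zero-byte input, computed rather than hardcoded so the check is self-evident.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}


def parse_listing(text):
    """Return [{'path': str, 'hashes': {alg: hex}}] in listing order; dumps are skipped."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or MEMORY_DUMP.match(line):
            continue  # memory dumps carry no file hashes
        m = HASH_ROW.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2).lower()
        elif not m:
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def classify(entry):
    """Label an entry with the reason it is, or is not, a trustworthy IOC."""
    path, hashes = entry["path"].lower(), entry["hashes"]
    if hashes and all(hashes[a] == EMPTY_DIGESTS[a] for a in hashes):
        return "empty-content"
    if "\\temp\\costura\\" in path:
        return "costura-extracted"
    if "\\microsoft\\edge\\user data\\" in path:
        return "browser-profile"
    return "candidate"


def triage(text):
    """Drop verbatim repeats (same path and SHA256) and bucket the rest by label."""
    buckets, seen = defaultdict(list), set()
    for entry in parse_listing(text):
        key = (entry["path"], entry["hashes"].get("SHA256"))
        if key in seen:
            continue
        seen.add(key)
        buckets[classify(entry)].append(entry["path"])
    return dict(buckets)


if __name__ == "__main__":
    for label, paths in sorted(triage(SAMPLE_LISTING).items()):
        print(label)
        for p in paths:
            print("   ", p)
```

Run it against the full listing and only the `candidate` bucket deserves a second look; everything else is either noise (empty content), tooling that happened to be on the analysis VM, or browser state whose hashes change on every run and would never match in a detection rule.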