Analysis Overview
Threat Level: Known bad
The file http://vx-underground.org was found to be: Known bad.
Malicious Activity Summary
Rule to detect Lockbit 3.0 ransomware Windows payload
Lockbit
Renames multiple (561) files with added filename extension
Renames multiple (637) files with added filename extension
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Drops desktop.ini file(s)
Looks up external IP address via web service
Drops file in System32 directory
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Program crash
Modifies Control Panel
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Opens file in notepad (likely ransom note)
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-25 08:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-25 08:12
Reported
2024-02-25 08:32
Platform
win10v2004-20240221-en
Max time kernel
1199s
Max time network
1188s
Command Line
Signatures
Lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload
Renames multiple (561) files with added filename extension
Renames multiple (637) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation | C:\ProgramData\6B7.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation | C:\ProgramData\2AD6.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation | C:\ProgramData\23A7.tmp | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-3844919115-497234255-166257750-1000\desktop.ini | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-3844919115-497234255-166257750-1000\desktop.ini | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\spool\PRINTERS\00002.SPL | C:\Windows\splwow64.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPdpt1mw49k1ov2f1jeooc25njd.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\00003.SPL | C:\Windows\splwow64.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\00004.SPL | C:\Windows\splwow64.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPukpddcrq0dqlysovxjxlnlc8b.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPb2uk0m76ju1zihk_guaglvpjb.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPita_yrjn8fy6lky8sh0qxa5zc.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PP6ugrla7wlqvgo83gcplsh_61d.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPuqu9f2bb606advvery6xa5apc.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPip5np19yruvaj22vfoindcvpc.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\WallPaper | C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\EFH4UcdOY.bmp" | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\EFH4UcdOY.bmp" | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\o8RCWFYi1\DefaultIcon\ = "C:\\ProgramData\\o8RCWFYi1.ico" | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EFH4UcdOY\DefaultIcon | C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\php_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EFH4UcdOY\ = "EFH4UcdOY" | C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.o8RCWFYi1 | C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\rlumdaMwk | C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 68003100000000004a536b2a100041422d5354457e310000500009000400efbe59586542595867422e0000003631020000000b00000000000000000000000000000080969800410062002d0053007400650061006c00650072002d006d00610069006e00000018000000 | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\o8RCWFYi1\DefaultIcon | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\o8RCWFYi1 | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\.php\ = "php_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\php_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.o8RCWFYi1 | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\rlumdaMwk\DefaultIcon | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EFH4UcdOY | C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\php_auto_file\shell\edit | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.o8RCWFYi1\ = "o8RCWFYi1" | C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vx-underground.org
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Redline Stealer Builder (Modified Variant).7z"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Redline Stealer Builder (Modified Variant).7z"
C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe
"C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\e7f47c9af37745979dca57eb69a0b271 /t 2340 /p 2236
C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe
"C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\aaa5d21bd61a43eaa0f4afc902f6d255 /t 2996 /p 3680
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\AbStealer Builder.7z"
C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe
"C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\Ab-Stealer-main\README.md"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\Ab-Stealer-main\README.md
C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe
"C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe"
C:\Users\Admin\Desktop\asd.exe
"C:\Users\Admin\Desktop\asd.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\img\AbBuild v.1.0.rar"
C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\img\AbBuild v.1.0\AbBuild v.1.0.exe
"C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\img\AbBuild v.1.0\AbBuild v.1.0.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\index.php
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\login.php
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\Panel.php
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Lockbit 3 Builder.7z"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\LBLeak\Build.bat"
C:\Users\Admin\Desktop\LBLeak\keygen.exe
keygen -path C:\Users\Admin\Desktop\LBLeak\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type dec -privkey C:\Users\Admin\Desktop\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32.dll
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
C:\Users\Admin\Desktop\LBLeak\builder.exe
"C:\Users\Admin\Desktop\LBLeak\builder.exe"
C:\Users\Admin\Desktop\LBLeak\builder.exe
"C:\Users\Admin\Desktop\LBLeak\builder.exe"
C:\Users\Admin\Desktop\LBLeak\keygen.exe
"C:\Users\Admin\Desktop\LBLeak\keygen.exe"
C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"
C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_exe.txt.o8RCWFYi1
C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 264
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe"
C:\ProgramData\6B7.tmp
"C:\ProgramData\6B7.tmp"
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{FD0E374D-F69B-401C-80E3-CD18EF9B24BA}.xps" 133533231373230000
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\6B7.tmp >> NUL
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\DECRYPTION_ID.txt
C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_exe.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_dll.txt
C:\Users\Admin\Desktop\LBLeak\builder.exe
"C:\Users\Admin\Desktop\LBLeak\builder.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\LBLeak\Build.bat"
C:\Users\Admin\Desktop\LBLeak\keygen.exe
keygen -path C:\Users\Admin\Desktop\LBLeak\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type dec -privkey C:\Users\Admin\Desktop\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32.dll
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\EFH4UcdOY.README.txt
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{A2170DDA-6553-4461-9845-5938EC6F138D}.xps" 133533231991350000
C:\ProgramData\2AD6.tmp
"C:\ProgramData\2AD6.tmp"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\2AD6.tmp >> NUL
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6948 -ip 6948
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 264
C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_dll.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_exe.txt
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe
LB3_pass.exe -pass 870a83b8672a360b910cfe90faff550f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\LBLeak\Build.bat"
C:\Users\Admin\Desktop\LBLeak\keygen.exe
keygen -path C:\Users\Admin\Desktop\LBLeak\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type dec -privkey C:\Users\Admin\Desktop\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32.dll
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Desktop\LBLeak\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe
LB3_pass.exe -pass 870a83b8672a360b910cfe90faff550f
C:\ProgramData\23A7.tmp
"C:\ProgramData\23A7.tmp"
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\23A7.tmp >> NUL
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{BE675AE3-9E69-48B1-B56B-5FCFEF315833}.xps" 133533233465640000
C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\EFH4UcdOY.README.txt
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff83da246f8,0x7ff83da24708,0x7ff83da24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5320 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6fbbaffc5a50295d007ab405b0885ab5 |
| SHA1 | 518e87df81db1dded184c3e4e3f129cca15baba1 |
| SHA256 | b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6 |
| SHA512 | 011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b |
\??\pipe\LOCAL\crashpad_4628_WOXATMKWQGOSUEAH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 360dd5debf8bf7b89c4d88d29e38446c |
| SHA1 | 65afff8c78aeb12c577a523cb77cd58d401b0f82 |
| SHA256 | 3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef |
| SHA512 | 0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8bed3253d25eb224d00e88052403a14 |
| SHA1 | 7dee1c35d05083890f1fdb978fd52a75a191d1cb |
| SHA256 | dd1a784d4618d9d3b73d0c7061e8e23cfda0c45d965ebf1f925542abc768587a |
| SHA512 | 7cd04aab4af6476fd35209745f05e1a4c0ea22e5b3537f2b28c11580b78f514cda16fd7a79674ae5adc4c4f2076bbb002c70f718b1a6c88222c350251e4fef92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 363b852a2019ac44e0c209ad9f2992a0 |
| SHA1 | fa253693df757183903581c82872f583adc54e6b |
| SHA256 | eff932a1759bbf870eeeddcf5100fd2b2e3b440d687388686a2e1f7797c2278c |
| SHA512 | 65830319a4c99ff85388f6795d7bb10062bb5c413c8ff95442929d4b29ca4154963ea29052a622da97fef556a74dfceec3aecd844339592b67bbc1bee5d13f97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d2d1a780e3b06d24a0084bff1b46a7f |
| SHA1 | 7927bb7fd55c1ed3c67fb8dacfccd042932d2266 |
| SHA256 | b7fa419cb9dfdd7812dce376f382d5adb16ed997ff6c948a02292286d7e87ee5 |
| SHA512 | 76481062739faf92a976370d7ed44169fcd4403efcac08b6342d2b106caeb4c2db565753107d2642afec49d81a90dc0cc76e8a2e08775bc2c5634399d627e132 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2722e39db3eb3dc5431963cdee7171aa |
| SHA1 | b2d0da6965b275c569f493bc778a035f78dabcd2 |
| SHA256 | be3f7118c89b57725ea6f9815ad0b54e3d5534a8b1b7711b2f133528e69ebdb6 |
| SHA512 | cb5b89ad936312a921eacc850404d5a8d69ad4c84c69e78f1546801c398b7c15302e7c6682f42ceca7fc2bf7fe0dc1608cd909d569b226ef4949cf8d0692bd07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3195367cbe610e3da6541bd589ec9aa6 |
| SHA1 | 9c44bfb7e979a4a349369beae9a17afe68c55d2b |
| SHA256 | 4576a061aadd309315e962b058613729efd2c47542416d85ae93be7c233dfaa0 |
| SHA512 | bfc8c2011dfa7aa37e4ff27f74b3e51a70ac5e9029deff61958e70b8abe457069c826936832d35b560d71fa8eeb49af93b9c8886e2114fca25a6d3978c0c56ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\Redline Stealer Builder (Modified Variant).7z
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353322355197119
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353322354754119
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a6066384134e552_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\Downloads\AbStealer Builder.7z
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\68f02cda-d0a4-4a2d-8056-bc31936a3ba7
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\a01038f9-d159-4b67-bc70-7810c843a54d
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore.jsonlz4
C:\Users\Admin\Desktop\Ab-Stealer-main\Mono.Cecil.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9459d61b-406f-41cc-9bfc-c01a06834d2c.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\Lockbit 3 Builder.7z
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\$Recycle.Bin\S-1-5-21-3844919115-497234255-166257750-1000\DDDDDDDDDDD
F:\$RECYCLE.BIN\S-1-5-21-3844919115-497234255-166257750-1000\DDDDDDDDDDD
C:\o8RCWFYi1.README.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133529799898763234.txt
| MD5 | eb98e105944659178c79eba4deaf1d35 |
| SHA1 | cb6828da56a1b0556f57e690826b080675561180 |
| SHA256 | b03328ca70a37b824b83a1fa20332d8a9f0c31ec90aa1c84430b1bdd6b48db71 |
| SHA512 | 20a0be9f7f1dcc9554453b761e9bb7ad6e7a0806e3e321d7a8b9677a2e2cfdc29c1a136275f9a4a1f2f1ad976d254d3f9ce7c790e51d85b38ddd3499b16b311d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat
| MD5 | a8308d2f3dde0745e8b678bf69a2ecd0 |
| SHA1 | c0ee6155b9b6913c69678f323e2eabfd377c479a |
| SHA256 | 7fbb3e503ed8a4a8e5d5fab601883cbb31d2e06d6b598460e570fb7a763ee555 |
| SHA512 | 9a86d28d40efc655390fea3b78396415ea1b915a1a0ec49bd67073825cfea1a8d94723277186e791614804a5ea2c12f97ac31fad2bf0d91e8e035bde2d026893 |
C:\Users\Admin\AppData\Local\Temp\wctC1CA.tmp
| MD5 | e516a60bc980095e8d156b1a99ab5eee |
| SHA1 | 238e243ffc12d4e012fd020c9822703109b987f6 |
| SHA256 | 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7 |
| SHA512 | 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
| MD5 | d48a4f62be2c96a1720b8cabfbafe630 |
| SHA1 | 778ced8c6c173973086fcf4c588310e3c856450e |
| SHA256 | 826143fdd619c3dccf4b3c0f6c5b9f2050984aeb08ca2ba7b6173463e25c4b32 |
| SHA512 | b90d4620e84d4cd4abd51bef5eebb79debb9767dc140b53ffcd903b9944e3269727c46ae46976c1733352a739dc82fd522547849721f4069c71075e980d85edc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\xulstore.json
| MD5 | 05e1ddb4298be4c948c3ae839859c3e9 |
| SHA1 | ea9195602eeed8d06644026809e07b3ad29335e5 |
| SHA256 | 1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be |
| SHA512 | 3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\targeting.snapshot.json
| MD5 | 8c1d2e427fac0a23a28630c55bf4e726 |
| SHA1 | ff037e18b9ad395514d053efeafd9bba77aac31f |
| SHA256 | 20dcbeb7d696e6287cd53c74a4b8e5964186130d60b6bc618084d96fb3f485c3 |
| SHA512 | 63ccd1127c8852f71e6595856c5940380dabe361c8d560407753cb6b0c6744f344b7f0f68f1e2e2fc2a02866012c2ddb585817130669a932cea5670ae08feb2b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\addonStartup.json.lz4
| MD5 | 19e63ce45053dbe37f089dce99a7c290 |
| SHA1 | 17b13f72cf9146c5ceac35ae541333f2ecad079d |
| SHA256 | 5260fa2d0cf0236bd96c06915bed0b67878f6210074e2a7f62110258edf47996 |
| SHA512 | 9e1ed321605a8fa0b46d469188233a30d56a3814a065aafd22bfa35952276ed4a761c0a1e5552f00184fe7773a54c730c28ab33d916d16324872299555b1126a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133529810771623370.txt
| MD5 | 18cad904b085f352c61146cf9428f107 |
| SHA1 | baf47b4a7c4cd10e108dbe7ee9b651b494543432 |
| SHA256 | e81f357ebb0a6ba735845282014278bd5e78f5a5c309eaeff8da29f6b784b8cc |
| SHA512 | 553b8e58ca3e85255b17255e959a865780b5b4a55dd90bc453fc1429b9c6dc4c957997d7b7d094b0c4a2e579a646326b362a50770d5f27fd9ce62d2b0837c6e0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133529854140532159.txt
| MD5 | b98cdb070ea557f909749f0582056331 |
| SHA1 | e9f70e380ce8853264fdb4ff302c98d9809eb0e8 |
| SHA256 | d8a6d9b4d632ce889c8147253c581995909bd39831cf09cfdf0589bfd559bf64 |
| SHA512 | d5b7a4f3003f2f7f481e52116e6031d6e03e47353e963d334c3815b97d09e7e1ee0e390034a6dfa638eae2b43b1d349d7e48ae16447ca85cf027feb09b628925 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0c1fc36f-c8ae-4097-be2c-84d86cd2d5a8}\0.2.filtertrie.intermediate.txt
| MD5 | c204e9faaf8565ad333828beff2d786e |
| SHA1 | 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1 |
| SHA256 | d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f |
| SHA512 | e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0c1fc36f-c8ae-4097-be2c-84d86cd2d5a8}\0.1.filtertrie.intermediate.txt
| MD5 | 34bd1dfb9f72cf4f86e6df6da0a9e49a |
| SHA1 | 5f96d66f33c81c0b10df2128d3860e3cb7e89563 |
| SHA256 | 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c |
| SHA512 | e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}
| MD5 | 8aaad0f4eb7d3c65f81c6e6b496ba889 |
| SHA1 | 231237a501b9433c292991e4ec200b25c1589050 |
| SHA256 | 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1 |
| SHA512 | 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc
| MD5 | eab75a01498a0489b0c35e8b7d0036e5 |
| SHA1 | fd80fe2630e0443d1a1cef2bdb21257f3a162f86 |
| SHA256 | fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47 |
| SHA512 | 2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45 |
memory/2012-4508-0x00000000030E0000-0x00000000030F0000-memory.dmp
memory/2012-4509-0x00000000030E0000-0x00000000030F0000-memory.dmp
memory/2012-4510-0x00000000030E0000-0x00000000030F0000-memory.dmp
memory/5300-4511-0x0000000000400000-0x0000000000429000-memory.dmp
memory/5300-4512-0x0000000000400000-0x0000000000429000-memory.dmp
memory/5844-4513-0x0000000002870000-0x0000000002880000-memory.dmp
memory/5844-4514-0x0000000002870000-0x0000000002880000-memory.dmp
memory/3456-4518-0x000000007FE40000-0x000000007FE41000-memory.dmp
memory/3456-4519-0x00000000024C0000-0x00000000024D0000-memory.dmp
memory/3456-4520-0x000000007FE20000-0x000000007FE21000-memory.dmp
memory/3456-4521-0x000000007FDC0000-0x000000007FDC1000-memory.dmp
memory/3456-4522-0x000000007FDA0000-0x000000007FDA1000-memory.dmp
C:\Users\Admin\Desktop\LBLeak\Build\DDDDDDD
| MD5 | 6d42f2156b9150bee125f208dea7fabb |
| SHA1 | 6b87ad8d75f63c206c73fbfb8e4dd05cad814668 |
| SHA256 | 0c4511a10c48af8c4e775e95439bcf08bc8d616d9e8339f7c33d03f71276dfcb |
| SHA512 | f0df32db443885d8677cc8ead8c8f4317e5dd2ce7d97f9f2121e9c7ce0ec67d025587e9b8b4d6ec12cbae3a4f98c86a6f9d4a1d151949612f50f9eb57247f0ba |
memory/3456-4552-0x000000007FDE0000-0x000000007FDE1000-memory.dmp
memory/3456-4553-0x000000007FE00000-0x000000007FE01000-memory.dmp
memory/6124-4563-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/6124-4566-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4565-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/6124-4567-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/6124-4568-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4564-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/6124-4569-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/6124-4570-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4571-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4573-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4572-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4574-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4575-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4576-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4577-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4578-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4579-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4580-0x00007FF819640000-0x00007FF819650000-memory.dmp
memory/6124-4581-0x00007FF819640000-0x00007FF819650000-memory.dmp
memory/6124-4598-0x00007FF85B740000-0x00007FF85B80D000-memory.dmp
memory/6124-4602-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/6124-4603-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/6124-4605-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4607-0x00007FF85B850000-0x00007FF85BA45000-memory.dmp
memory/6124-4606-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/6124-4604-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
C:\EFH4UcdOY.README.txt
| MD5 | f22677504ac0ca8127c36256e9a0ae0f |
| SHA1 | 01347a69007611fac1599db270b5f21dd5b25253 |
| SHA256 | 2e76513ca1782410fed4247782291d88c64beef2cd9d0e016073db92b231ab1e |
| SHA512 | ecd11951d98fccf184e2147664102ac47efb3b88cb8bcb474a69d86a68950121645e72d51f258169bb648b82e42c5eb819cef4c68f0b363da65a13cc90114eb6 |
C:\$Recycle.Bin\S-1-5-21-3844919115-497234255-166257750-1000\DDDDDDDDDDD
| MD5 | 106341b7bd038d81e1ca725fd1eac12f |
| SHA1 | 07d9c6b9207eb9c987e38fa8514378dff4e44bc3 |
| SHA256 | 7b67968b0d27cfbf5a883e948cff89154008784beb9762c7e2e0588cb766fefe |
| SHA512 | afe8f6c10f9afef61033791b5579e289558e052db61296442ca0b5ea0c1e2078322e41868529b51ff9d63602833f8873c77095494fa9b2f624aeb051c19a9ec0 |
memory/7816-7448-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/7816-7452-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/7816-7456-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/7816-7450-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/7816-7459-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
C:\Users\Admin\Desktop\LBLeak\Build\DDDDDDD
| MD5 | 68ec667cd588f096071625c345b4045d |
| SHA1 | d4c727f3616fcacac450f0c1e3a906250034b7f7 |
| SHA256 | faa5680774abb0dacee2250a1e96fe43b6bee77aa5d6b0aaf9c3dd9826ecb62d |
| SHA512 | 83d84cc4456685d6616371480c1796c271aecdc22dd95a60a17da98500e0d200dcc05e90b78dd227a03bd809b22e41faf36e693e67ced2a6c279edc1501fdbb6 |
C:\Users\Admin\AppData\Local\Temp\{14170798-B1F5-452B-A113-F6B70E383714}
| MD5 | 146071e29e575b342e126ea095d2febb |
| SHA1 | f5706d465aaa5007be226cb3fc0e3714ccd7a834 |
| SHA256 | 084dab338ba7ec6e35c9c99c734e4a40a0952aab35eb78484a6f1d0d7c821cf6 |
| SHA512 | f870f4a40257cfc01b39b7fccd8ff678dc9fd1e271aba23a81182731276d789b6cbe44bc0b63c36937bf82971abcb873cb2f393e3e6c5decea2b7e20b312570b |
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
| MD5 | 2f39d25544f684c268097ed542df4568 |
| SHA1 | 96256b5c6fdf0855db496416fc4d224ae0b95849 |
| SHA256 | 688aba9e384f760c5241d7cb5ece871bc8ec040157b2ebba94db03cde19f5b6c |
| SHA512 | c4e94a3adb9e80cb156ab3de7eac3d4f3098adee322f8a481807fb28cc4a54264eee3db1791eeb528b191681e8193a0537cbe6721328837e85b577f5d9e87277 |
memory/7816-7532-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/7816-7533-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/7816-7535-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/7816-7534-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
C:\vcredist2010_x86.log.html
| MD5 | eaab024d74a3ef83a7f544195ae32f3b |
| SHA1 | 83b6234b685f0592db69a651751591fce3aaa35a |
| SHA256 | 4014b196dd1494108f016a5473160cf5eb64375af0f0ed968a96f216eeda160c |
| SHA512 | bf29f3a7f3ea539b20ca67873e0fe15a2808c5fe5bf71d4a2e17deedb49e0e0f3ce13289327a6c06ee4a66c4548e12c6bc9d363bb6b7c5a3226d390466519442 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{51325390-AE6A-68FC-A315-0950CC83A166}
| MD5 | 8ab0ccfe101f2a223bf9fc11f910ec64 |
| SHA1 | 86a7cf51b399bb786896fb77f59ee8b4844f5afe |
| SHA256 | 8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a |
| SHA512 | b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_NEWS_txt
| MD5 | 968e7d1aa993ef1052b35a95c51946d5 |
| SHA1 | c67817521eb4f70d692d3d29b32676b1871e3d40 |
| SHA256 | 719fb4e7016e1c4fff64166a8809a6ffe5d16ba0a40e4e8593ba7f664337e239 |
| SHA512 | 3382a01b518c38859c1ffc8799aacb941fd7bedd2cecaab4fc8e7fe8e44aeb6acf3997b844b9b5d8ddf4e72331e33972606cab1e9d8b527bf80ef7a9a0136022 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0ccfeb2d-f122-4245-b2bb-d3eb04c63d87}\Apps.index
| MD5 | a7efd1447fa1364fb90d780e32849647 |
| SHA1 | 6d2d5fa810d5f8c5b874e19d5e1b46003a72b38d |
| SHA256 | bcb02d60d6868b6b042a9eea9997bcd02fa96d5f5c30747fc6e63960f0f39f40 |
| SHA512 | baf618c9772f642fc969639ad0a09ac96f8b13ae6fbf78c14c784ab93d968bdfe68c9e915a679d8df0bbef3cc749bc59e6c0e22b634ed1bdc63c84ce43a1cc6d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133529798325981989.txt
| MD5 | 35de3831d0658d68d28e1adabe5d640e |
| SHA1 | 8878a010f1993815fca5863a67173566e0c41afe |
| SHA256 | 03bdfbcc28f9cebde2697e9363024f32285c2b44eed697884604db318deffb27 |
| SHA512 | b4a4cd1b17be39f40ab2f73ea0696f1ddb22846ae92fdc86af2ddcf5f6243a858e9978657e3aaa7a69ac86669956ad0d4c5a724c061f6d965e062d269c350e72 |
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USStmp.jtx
| MD5 | d1dd210d6b1312cb342b56d02bd5e651 |
| SHA1 | 1e5f8def40bb0cb0f7156b9c2bab9efb49cfb699 |
| SHA256 | bbd05cf6097ac9b1f89ea29d2542c1b7b67ee46848393895f5a9e43fa1f621e5 |
| SHA512 | 37a33d86aa47380aa21b17b41dfc8d04f464de7e71820900397436d0916e91b353f184cefe0ad16ae7902f0128aae786d78f14b58beee0c46d583cf1bfd557b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2sf79v1.default-release\cache2\entries\B58E1BA6717AA5C5619108940EDCD152ACADB3DB
| MD5 | 443ec628e02f1abd410262451fbccaa4 |
| SHA1 | b295f37e59f1fe52f783c5e2f6ef68603da61843 |
| SHA256 | b15823bb4d931cbb160c338db001894178dcbcfc36258b31d29ca99365d86a2b |
| SHA512 | 6136c9e267276c2a3414f9fa7bfd30a8fff292fcf533b70869951785b2eaf47eb1a3419bc86e3c21cd6113c8c077236dfbd7f5306cb23b2349cbf64b8078a2d2 |
C:\$Recycle.Bin\S-1-5-21-3844919115-497234255-166257750-1000\DDDDDDDDDDD
| MD5 | fac8b45bdd046743d68ea3a8d82aa93a |
| SHA1 | 376ceb487a716d6e94103aef805fe7d30fe2b7e7 |
| SHA256 | 41ff2fad10b206b6bace13b99d82b74f247ef023348acdc5986b0fd880621f6b |
| SHA512 | e66ecc72f169526c2be0ca3b2dec88f679f240031d98ae2bb43fde35579809b074a1a4e16f6d01d8dae634126155f48fdf245a233be42b2821d88f5b4f9a6545 |
C:\rlumdaMwk.README.txt
| MD5 | 9c7f805f720fb4c96375c2b1a160b513 |
| SHA1 | 141a691c9de20623655ada928ab8cfaeb430e0cf |
| SHA256 | df1cf3b78984c09687b92450b40b2fca661990ce87256bbfeec96f573b1270a9 |
| SHA512 | 32c97513060a861863db5a6d349289f59fc0003236480aec7aa88e94ef97276692f90517bb96e4c8dcdd3cc8f4fd5ac73e402fb8593e1285c2c162e7c95a713c |
memory/7828-10993-0x0000023F55170000-0x0000023F55190000-memory.dmp
memory/7828-10995-0x0000023F55130000-0x0000023F55150000-memory.dmp
memory/7828-10997-0x0000023F55740000-0x0000023F55760000-memory.dmp
C:\EFH4UcdOY.README.txt
| MD5 | 3249e1cebd4d28c2b5c539855469d5fe |
| SHA1 | b55b34c4db504d2d92d402b4fed43352e0dfb261 |
| SHA256 | 916d2b2ea09f1668844502e2ab224f8ccaddd0da80ec98b7c6938f724769ac6a |
| SHA512 | 2237425a758c83b6f5c1f8a21a123160330bcae7931ef0c6c5199bc35bfe18c44aa19fccbb6a0df86518f355f54df12fd3903457d1f55aee6b66d0ace586d394 |
C:\ProgramData\EFH4UcdOY.ico
| MD5 | 88d9337c4c9cfe2d9aff8a2c718ec76b |
| SHA1 | ce9f87183a1148816a1f777ba60a08ef5ca0d203 |
| SHA256 | 95e059ef72686460884b9aea5c292c22917f75d56fe737d43be440f82034f438 |
| SHA512 | abafea8ca4e85f47befb5aa3efee9eee699ea87786faff39ee712ae498438d19a06bb31289643b620cb8203555ea4e2b546ef2f10d3f0087733bc0ceaccbeafd |
C:\ProgramData\23A7.tmp
| MD5 | 294e9f64cb1642dd89229fff0592856b |
| SHA1 | 97b148c27f3da29ba7b18d6aee8a0db9102f47c9 |
| SHA256 | 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2 |
| SHA512 | b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf |
C:\Users\Admin\Desktop\LBLeak\Build\DDDDDDDDDDDD
| MD5 | fcc3cda9d71f7af55e09acfe32c1f21a |
| SHA1 | ac576ebb6b518048047dbbed9bc0bc48e53d75ac |
| SHA256 | 932a1432bb0e7aeafc0271d053e603d7834e0d342e6ede320913b23bd3cffa6a |
| SHA512 | a3794a1adb5ecdaa29d08ed1e558bbc3b708932f92ae839d1c59b96219e064cb172b8abe8fee9796d10f1ac1618794a0b2e949b56ecd941748662ef8f75a9555 |
memory/8680-12407-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/8680-12410-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/8680-12412-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/8680-12414-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/8680-12417-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Quick Notes.one
| MD5 | de0400e12ebebee404d9fd67b7631d5f |
| SHA1 | bb06dca7196abb0d87201d356a473755c897f74b |
| SHA256 | a69e54294aab285d2581b1a826f2158d8e1215834d5ed176b71a9e7c9b28b761 |
| SHA512 | 7e0eaecd23a1d6d871a9adf34e99f6d0007176231af236df3c6f13e49696f72ab0d4b52813644e7c1ca8c81e92235f92f4c83b78a75ef0be526514b86c750023 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{af16a8ab-b71c-4550-9c43-ff37b77165de}\0.0.filtertrie.intermediate.txt
| MD5 | 1218ebe70d824d15d5aa68a5a9541061 |
| SHA1 | dcf1eb20e350be0ca52750c2556b11451b03b4f1 |
| SHA256 | 7248cbb608da104f578ff7d67d94798cb30448a324a7f34025010d21ff832dfc |
| SHA512 | 41f47e1cd0daff4e2588a1da62bd3b88407c76b907513f42b1e51a24b76700645ce7bd338004944a1206d16d1c78f7731c9fb23e004d069cd6d2100ed61355e2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe
| MD5 | 6f0d8710c462b5955d9d16745bdb1bfd |
| SHA1 | ed0545934a28799ef27dddcc0439d05dc40c47ac |
| SHA256 | 342f29784a85f25ec119d85e39267ec57a4c803fbc099f6c5ceb7761f8896cfd |
| SHA512 | 404085314a3cf37e8e66aecd314d63ea9711d05c1ecb714d531126e61b7bb9929e59e4a42cb736ddade1ac416d76477881d18b428bfd603fede3e9eeb7b6f8cb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2sf79v1.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | c460716b62456449360b23cf5663f275 |
| SHA1 | 06573a83d88286153066bae7062cc9300e567d92 |
| SHA256 | 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0 |
| SHA512 | 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2sf79v1.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD
| MD5 | 02c62d8bbcde30c7db965f367010b71c |
| SHA1 | 26db188d2d16307ec98dd6a157d7e2a8afad5337 |
| SHA256 | 0f42b2ee5976283ffc9c5d418e7dbdf5aa10d1e73ae818e09dcae51e0684e38d |
| SHA512 | 46ea4999cd6c4249c5145d08c22bb901f84fbdadb23cf7bfae5ef12b42e8a83796188ce21457851e4cc7df6c100fb3091acc1c03bbe59afa90e5c833b9912ac2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_narrator_exe
| MD5 | 057f55bdbb2f9bca4313e9ff62def669 |
| SHA1 | 844420fd18e37edfc9794a12fdc5cb1193e6f296 |
| SHA256 | 190973460b7b1e1fab6daf993087338adabf6889bf0caaa811bbbbf65595ee0f |
| SHA512 | 716420794e44a08db0933e98825643345f316c966bd6b0431e4f3187f8a486ae0e69c320683693a2f9ac6e5bf8ed6f951cbb650ac49002ab4d8c8d7f1ceb6397 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe
| MD5 | ad66d697441556552982c0a827402ab2 |
| SHA1 | b42bdea626a087858c06592c765920b3e4f2086e |
| SHA256 | 73c232acc9c055bd44836ba54fa521cc0a4f8b721da312b49dde928209fd26d6 |
| SHA512 | 1fa50bac06bf78331fcf2c1c978838a95827808d73d10acd8a1ff76ac8584074da87b9977f16557095b20573ed6a39fecfdb50f403e792a4155878c9f3a3247e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}
| MD5 | 9f1ff11e31c55a87372e85612ca3c290 |
| SHA1 | c94dc58d7e8f070d3eeff5bc8ecb3a2d7008323d |
| SHA256 | 0c650065d284a6a0f6a17ce2250214b40219b7082e940689a2cd2948162fd893 |
| SHA512 | dd490e167b4455aace73dda6d9ec6b90aee5e5994701c249a44d316b17c3f8a8f5e776e9ecb6d751dfbed8e74743a3f13d95edbbf3b09998e148bfcba1ef721f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{b4234e88-9e3b-4876-b954-cad5a09cbaff}\Apps.ft
| MD5 | a2bdb51b1b1ea8360bc64530ab16d7cc |
| SHA1 | 95b7724c7506e17a6cfb38a29d5cac95f0ae14e6 |
| SHA256 | 59d9a0ad8f3a55b1f83aea35ee590e2ef70f06939eb7beb8f77af9c40ce2ca84 |
| SHA512 | dee7aacd0e11d2595d7bc32dcb21fe78afd8f2f3f88f6a5142f14e22de60c1117906b72d6ace9bad8ccb035575b9ff3136a5a8729919a8cee13142c40559e5ba |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{b4234e88-9e3b-4876-b954-cad5a09cbaff}\0.0.filtertrie.intermediate.txt
| MD5 | bb7640183196f554caf076ff2ca0e12c |
| SHA1 | ccc92a16fda19e15631083fd81b02f0ea6e732ed |
| SHA256 | 80b1c12d18e49cf0ebfa4b380028b6f9e1791f4800a6bfb657e140714c3e8f3d |
| SHA512 | 1e2ab4baac6458e7149f6bc8a1a649a1e8d7edf41309e0b1a8cbc8f2b392cc8e3ab8dc77de98763ab3879c86dbe6a6207dabf3284c1b7799428a10d2fae612a1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{af16a8ab-b71c-4550-9c43-ff37b77165de}\Settings.index
| MD5 | 6e89eeec56ec057baf9787072f3aa4ee |
| SHA1 | 65dfa210105a981a8da3dea1008e1d0eeaf337af |
| SHA256 | aa140df41bf17e2ffb03a8934f9e8675a7ccfe23fa07cc39a35685ec1ca07807 |
| SHA512 | 8c71fccd24e8b340f479deebd3b05aec440774041d44183532436f905acc0133ee4660d66c042a333d411202011d7d5e5b7b9740af2b505af55b9ed2d4d67488 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{af16a8ab-b71c-4550-9c43-ff37b77165de}\Settings.ft
| MD5 | 05cca5ef9d491f3640d1db368768e43f |
| SHA1 | 3ed5bd4fe776ec61964b2a2ad33105d22f2d33ed |
| SHA256 | 0dcbbab78cad414ce9ebc49f7643835fc414e934b45909d667a3bdf0061e8af4 |
| SHA512 | 082a7e969a919dd503b0e2853e3ab2d1a4f029115bbaf373fe1c796bc667c8e47d5c0e850636c1331ab978436d7047343396294fdd8537750fa02469a10bff92 |
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\OneNote.CampaignStates.json
| MD5 | f1b59332b953b3c99b3c95a44249c0d2 |
| SHA1 | 1b16a2ca32bf8481e18ff8b7365229b598908991 |
| SHA256 | 138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c |
| SHA512 | 3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4 |
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\OneNote.SurveyEventActivityStats.json
| MD5 | 6ca4960355e4951c72aa5f6364e459d5 |
| SHA1 | 2fd90b4ec32804dff7a41b6e63c8b0a40b592113 |
| SHA256 | 88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3 |
| SHA512 | 8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d |
memory/6692-12782-0x00000189CC040000-0x00000189CC060000-memory.dmp
memory/6692-12785-0x00000189CC000000-0x00000189CC020000-memory.dmp
memory/6692-12787-0x00000189CC4B0000-0x00000189CC4D0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\KFS6UHMN\microsoft.windows[1].xml
| MD5 | 9916c189745c594aabb7b27107136762 |
| SHA1 | 39dae460defaa34ddb58f256c55854d0b75c09ea |
| SHA256 | 2c8f11f2385e1dafe71764cdf3364d927522d7c38b98650493b7be3ea2470006 |
| SHA512 | 417e32b93cb6b73c04bcf9987e1a28393ae203fa5a42c2862b22494e637476ce21b1ff65b69774595129c133d2b7e8a1f44d013594b9f8f83aac13c824f202b7 |
memory/8680-12800-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/8680-12802-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/8680-12801-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/8680-12803-0x00007FF81B8D0000-0x00007FF81B8E0000-memory.dmp
memory/7324-12811-0x000001B645AC0000-0x000001B645AE0000-memory.dmp
memory/7324-12815-0x000001B645A80000-0x000001B645AA0000-memory.dmp
memory/7324-12818-0x000001B645E90000-0x000001B645EB0000-memory.dmp
memory/6744-12833-0x00000158F5A40000-0x00000158F5A60000-memory.dmp
memory/6744-12838-0x00000158F5EA0000-0x00000158F5EC0000-memory.dmp
memory/6744-12836-0x00000158F5A00000-0x00000158F5A20000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f618bad8355d2f3f95413d339bb9b281 |
| SHA1 | 69feb1b97f67ed2165487fbfb04522ab24bbca0e |
| SHA256 | e29b868f9ee332632111c177be8741b339d9554596c384538a115ef06711c28d |
| SHA512 | c61ebff3c39a25e9eea9403b07e60e16ee53e01032027b2ccfce40f40b9af9d1cd06ae95091046c2a2c8ded6d8c672773e54073189efacf9caa27866b30e8d3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bafbf5ec8dcfa4d625c73a531b2191dd |
| SHA1 | a4d4de7016b19932d90e6fcec777ae7dacc6c68c |
| SHA256 | 73f6219b7daaef8fbfdddec9056fa23867e3378d220fab6532766b5658922e8f |
| SHA512 | 6b7e55fcd76f192b6ac01c2e94d04babe86fe4bbcd72a865eb16de4deafad816c440935822b3b51bd122c0c6b64511368ff51f3bb65ae7637c9ceb120437ccee |
memory/6120-12866-0x000001B5799F0000-0x000001B579A10000-memory.dmp
memory/6120-12869-0x000001B5799B0000-0x000001B5799D0000-memory.dmp
memory/6120-12871-0x000001B579DC0000-0x000001B579DE0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b490731fc5f698cb77a24f9ce8df60fa |
| SHA1 | 5f2aefd19a9636eb687cba1487a100f4a535a694 |
| SHA256 | 47cf518735b0a57664827e32303921e7d5d0440dca51d6f09897ee9b6242bc1e |
| SHA512 | 9087fefb3910fbbe056565a5cf786248a2245ba03ce95f443dfd345727bfdfe85af6756b8ee1d136c2bb4f71058a2c7e02871ce7b2df6cb3602e1c3bc07f1551 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5b323ce6ff532582c85f790d643f71f |
| SHA1 | f036609722ed48fad00e7f8dc3a974d0ee8e405d |
| SHA256 | 68225664ec2aec8b6e67eadbef713796614e53521adf8b0d8722de03a3e4b853 |
| SHA512 | d9c6eb16f875dd1bf3c976a2a9ae35783009d49e8c3ac88c960ea7f41fa22be5881120b944683211a759ae51f4de5d9d41c1880d1f31fb2d4997ed4508846143 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5854927c5c5ab6c5471a5c5ece729d79 |
| SHA1 | 88bc3f40e3c82694b2fe5e31096c30eabea1ecae |
| SHA256 | 7709549a395b3ad6114fc38bf76c0834b3036872c02cf7e28d8287f13bb826ac |
| SHA512 | af892dee2519ff86e457b9c5c4ed68ab97d73c2d37dd0b6e1e4debc6a1d1548612d23f765d7d12e602d07fdd9749ef97c9cbf64a3ebc7240e0ae7fe496ffc65f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d772d56b0ee167c407c5f230ef0d5a9 |
| SHA1 | ee3d762f72dad544768365b9fcc68f724526e4f2 |
| SHA256 | 88089ec5b2bcc343b1e0aa455e5397897cb21323b1aaca1f494431c45ba3de8b |
| SHA512 | d8f26f30264b35370fb991032af8561d14cae346e54bdf6576753de1e6cc8585976b8f07339bc5b8d92b475c5ed6a8058497287eb802ee140b924691fa85654c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1493d6b5e55d169a628798864415f44a |
| SHA1 | 57aa1e712f588b5023702cc2f2ef8b2202554446 |
| SHA256 | ccc106589c85a34c0ddf2b7e7f08c20992139b96d945a6a7f1985ed93700be83 |
| SHA512 | ecd3e092611e9180970b31aa644d4c243ba3e891d771d426de1bc9e6b9197f68f278bf972d6f0ae0234c053e3b0c2a5400563ef7ba855cdcc49ad89e78f81663 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 81f57f21aa35cd6ebce0c24d141cab42 |
| SHA1 | fa4407162d50879695a80a3c6956db7d63158d13 |
| SHA256 | ced92155857be4ce29f2f94cb8e42dd76f130a3351096dd199aaf684e61e35e5 |
| SHA512 | 2b46015284691d8407bfd33898d05e507e35f9f4c25099b867d8a02f2fb4fc30dbf51cb9f4e2f6214f8f9a2ee44d815ae697b0f98b79adc2ec18c4f4161ac73b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | abf4bef6a03fc10ebce2f4ea4bd86980 |
| SHA1 | f651ef018e7b9c4dc8efee85152a7b7ac3334499 |
| SHA256 | 91273483a083b1e4c5292b57c29bd52a9f59bddfa210dad5166e0c54be9d64e2 |
| SHA512 | 322e940d1cbbeac23b7012c631ef684ad47388a2e1991738d1fd294508a691c54f30c8b1ba9ec0714f614255acb7132ea64b65c2d3de173227ddd9bd55cce26b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c77b787ab654f4db4a710ccb8a9c355 |
| SHA1 | f88fedbe65c5cc812c6344a47b5e6188ec95bbe7 |
| SHA256 | dcc557383be01a81da3b4b818c9470a7eedc375a12b5e99e5e54a03766f6791e |
| SHA512 | 53f0ed44329e5af7e1e8302a048403697be60a0e1c8089f0925d5c05e7653a9d70dba0eae41d03f962c0b8e9e7678673c3fd471e5f3e0c3034832cf3ee6427e6 |