Analysis Overview
Threat Level: Known bad
The file https://mloadrelktrrtkldswcewe.top/dwnload/cheat.php?KIDDIONSMODMENU was found to be: Known bad.
Malicious Activity Summary
Stealc
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:17
Reported
2024-06-03 07:20
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
202s
Command Line
Signatures
Stealc
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\INSTALLER\VDDWBFMIVE.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4160 set thread context of 5708 | N/A | C:\INSTALLER\VDDWBFMIVE.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mloadrelktrrtkldswcewe.top/dwnload/cheat.php?KIDDIONSMODMENU
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,6540244367426047797,9092371533462125366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\X Mtk Installer.exe
"C:\Users\Admin\Desktop\X Mtk Installer.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:
C:\INSTALLER\VDDWBFMIVE.exe
C:\INSTALLER\VDDWBFMIVE.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=UZfBnXM8WuY
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,4547021793157552174,16746815732846497962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,4547021793157552174,16746815732846497962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4547021793157552174,16746815732846497962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4547021793157552174,16746815732846497962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,4547021793157552174,16746815732846497962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3440 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4547021793157552174,16746815732846497962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4547021793157552174,16746815732846497962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4044_MRCCIBCFNDOMTJBV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8c8ff51561bc191fdfc63b61e8dd0dd |
| SHA1 | ef7052346ccbd6e9b31150e03f5eb6f87e4356eb |
| SHA256 | a599ce20906ef440a8593e3c94e32179d0583e8202de86abf53d82684c1879f5 |
| SHA512 | f80dd47daf539301444555dffe44086dc07deced208a3a57df0ad501421b8f58a2d2a002e52f3fc7f4a3998c5b3db74d1e8a69a043bb3536945276d3f09c0316 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8cfcd8bae7fbcaf052ee46b94720b1a3 |
| SHA1 | 9279a2a3f202a3f3e57853fe073b86dd831444ae |
| SHA256 | 94e422be779209b25fee94c9db2122dd50dd82a7e66400840d4cf668a182dfd5 |
| SHA512 | ce17610b2e8dc466cbdbd650137226fb8d23a85476c247af68823f1643792c8eaf7c288d9ebac990dc945cbf0ad7f37bc51a5773dd63c567e75152ca972d5254 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f73b034bafbd98423e4d338b8fda2822 |
| SHA1 | 3372951a6f888c4383abf93e88df81cfffc1e49d |
| SHA256 | 99652cc13c8cfae248f1f3c4f5a60d13019464b9dd79fb259b5fe90f9a8844bb |
| SHA512 | a80ab7a5e4ab7fe38d44b629eb2474aa65440a6f8b0e2d033416efd11dec316651a3ebf86d594456828fd1dc8a01c2380cbe75c91de6309372fb38789ef5fedd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e4260facc0167cf78dab5893ce028a73 |
| SHA1 | b0b046deb309fd1a3ea11ee17db88bc93e9a56ad |
| SHA256 | 6ff6181b5f220a55f942061983e6048baea3793c487f65079069deafd9e59a23 |
| SHA512 | 26ef2a860512f5a6d46061c22a99f756bdc6c54592d4f383a8f63209cd5aab7508d58628a221812de04ea48b4fa5fb4d04c0965724f1b103aed650369d4af808 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6763cd23337918425a47ec3b642b2679 |
| SHA1 | d936a59c6cd0937bb441304561c411386af828c6 |
| SHA256 | f17649acc34f41830630e9a26fa31e07385ea29931c6e1576576a8c1c8d1ed09 |
| SHA512 | a84d998921719cd69309c7292de5b60c98d91082fd960a00e3d3f0f9d52377f7c78862d93f0329748d95de6176acc5323c4b54e8ccce1552dad0558288b393d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42c61a5d153a4d08fe0d1ac7ba4704a0 |
| SHA1 | 54e140d31f67b1bea3122c6f787e29ea89b61250 |
| SHA256 | c8a409841e517e9e9dc47f03a7eda420915e6d9cfe30e63319be2a7711811ce3 |
| SHA512 | 63b38d088eb79b485cebdf962af6d8b4b5b502e08630f3daaaae85dbaf6657e21756cf89e45c42dc0cb5670f839bdff6d5d9584f5fcc018a34879354ba62d8a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | aae5b6b3ef4aae0018795f9707890cf6 |
| SHA1 | d819ca6ced43f0b2db3e501e0720f77958fc67a3 |
| SHA256 | 5f277f1d97e5b936e8e5b03b00d66c4bdccdb1c7e3eea46a505386cda8bc9fd0 |
| SHA512 | fc3af9c7442ab4b9df69b2a8aa36a991dc275e0da6ab6402c7265fe1c92f80c698b1d668c3ad1befbd17b774c6f335dd6096eb6e0262c3623d7ffc8e483647fc |
C:\Users\Admin\Desktop\data\program.JPG
| MD5 | 72539be8458a303a2486bb8e83b9e77f |
| SHA1 | 855125bd900e84907148202ecac8e3019b47cf23 |
| SHA256 | 22a57c8a0a88105f0e8bdba7d260fa5648cfd99778e787b53f4fce2e24d195a1 |
| SHA512 | 283c89f13640e7c3616afa1b9673bdc5790f4ca8905256f85b268b38c97275616d3ffbb008a7872f12e66bbfd488a45c9b58ade4568baf2c8dffb3cd306a2643 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fru3sg1e.vjj.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5284-181-0x000001EA36B70000-0x000001EA36B92000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6d42b6da621e8df5674e26b799c8e2aa |
| SHA1 | ab3ce1327ea1eeedb987ec823d5e0cb146bafa48 |
| SHA256 | 5ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c |
| SHA512 | 53faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29 |
C:\INSTALLER\VDDWBFMIVE.exe
| MD5 | 66d2e8e0fbc5b35bb09587834841f50e |
| SHA1 | 3f4e760fb82c5e07ab9293273c24dd960fd55ef8 |
| SHA256 | c2dd30a33e7631b1d32f8a8864c9fa7e45c16657a9593ea42c109cc34f208871 |
| SHA512 | 842a459c6fd5e648defb37a282180d16c460c8fcadca25c056258039bd4e197cfedc9eb57a487ed154505e7da34ab1724253ec157e8deef9a5ebc65c4c500264 |
memory/4160-207-0x0000000000370000-0x0000000000371000-memory.dmp
memory/4160-209-0x0000000000370000-0x0000000000371000-memory.dmp
memory/5708-208-0x0000000000400000-0x000000000063B000-memory.dmp
memory/5708-210-0x0000000000400000-0x000000000063B000-memory.dmp
memory/5272-211-0x0000000000610000-0x0000000000D77000-memory.dmp
memory/5708-212-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | ce12ca260760cc0e0220c08f8b8728e7 |
| SHA1 | 8e1192d6bfb90e22bb25c4d14be1fbb200070ad3 |
| SHA256 | a7781b94b88809eb7aa1d072cb659a24c29183c95112d803fc7570ff9cf9c5b6 |
| SHA512 | 7144c13c60cde44ef92f719f1d3571e7ae9fa79aa0c4dc49ad98c6133edf31ccc4322aedb55f56795d238dfa4e43c1fe4b759b94edfda074a4fc564e2dafdd1d |
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/5272-296-0x0000000000610000-0x0000000000D77000-memory.dmp
memory/5272-297-0x0000000000610000-0x0000000000D77000-memory.dmp
memory/5272-298-0x0000000000610000-0x0000000000D77000-memory.dmp
memory/5272-299-0x0000000000610000-0x0000000000D77000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7ad009e5f99bc614faa3d51239a43f78 |
| SHA1 | 6fb6ba23b4fe5fc5b201c5568abd05aba70a017c |
| SHA256 | da2a6cb3d25fcd1811779c683b29e28eb112d5662eae1711e5f3db49afab3ef7 |
| SHA512 | 68877a9cb2d3e38f9df885cc732f3f34ccba5e30b29d1a65f4ec4eb24bb4b324d3a944f17658b65245d16fb9ba1af6e479ece8a3616214f66fb286f1ad629e0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | f5dbfe9a636d5327963a1f0e463d232c |
| SHA1 | af0eb3765adcdcf7efb104588cfadaf78468ff9e |
| SHA256 | 990d7e79ff8304d7466d7254334789b24361daccb182cbedb3dd6a2bf87a3197 |
| SHA512 | f14106254741970277bc3744e4fe9bd1299f16ee7484cab642544784df452c7f1bf607f4fb6811d9786fda1c7ac404a7e14b89dbc901e7e8284ae88c711dd444 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361872633337101
| MD5 | d3d484fbb401cc7f0bb07ce64c1026f4 |
| SHA1 | 37f708db6c1bd9939fbf11fc6a7eeb7376615ea7 |
| SHA256 | 85b26446ce85e288b01a99ca02e4f8948f19c78547c3730bfc7d64f1d4249ee9 |
| SHA512 | 23ed2d6792e7f53f1a938aa88715148dbeb7d73188566fb2abb0bc42d265ee3f826d55b79a5d40dbee5d72a001d2cba30f3db4f1439d0f7ae0ef5fcb30e5a0c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | dec206c2ab56c8dbb089de1bc420dd4e |
| SHA1 | 9a1d92750bef787afba3a299784e5197a996cc9b |
| SHA256 | b2057ea3d7000016c51eb9161e61c04830c8f0caeefd6681b4c01b050a439c04 |
| SHA512 | 1bcd61e21ddd87531ad4327a8e6bb02409806761725008adb17cc4bf9dccbc9d890c438cb1ec7a2d38d66fb9585d640002a9a8fc62cd2c24d3c5d4b8f00320af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d04f89048108a89bc12f983020cf061b |
| SHA1 | 8fa780952bdf4f8b840175fe5ca6a57da8b55669 |
| SHA256 | 08b6101b3a83d7d557967fc06d464dba1e81ca167cd7011b8342bf7364b65bca |
| SHA512 | 4f396c5c1f46c0e9dcf068292e39c49e9d238829805b5d2ed27e827f258140b7ddd13cca6520d0fc29c6d6402362196896831d217764acec0f02129c388de444 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 2177b21663f743fd627ad87fe3b49a34 |
| SHA1 | adcb1705d22633510db55bbf977c519b1f1ad200 |
| SHA256 | c23a90e3c7a51c6d32c0f66a840adf278d1be05e4ca165ab5224d478e8617d10 |
| SHA512 | af9ee5d3cbe3722355929cf1cc83bcdf46d23b7f04a262bfffb06ee5baec1c1ca0bc0d4866f81c489a43fd0a9c847bf33c2dfc197c869b34a59543c841a3e7c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13361872633078101
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b244.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt