silverrat | 39d7726467f9ecdf9eac4e61ca9db7c8e302f2fe9b1c953cac8cd2db7e4a94e4

Resubmissions

27/06/2024, 17:02

240627-vj6eastapj 10

27/06/2024, 16:59

240627-vhd9esshrn 7

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240508-en
submitted
27/06/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SilverRat.exe
Size

40KB
MD5

e7cd0b7ac87904d319d01a6adabf71f4
SHA1

750432be8e562cdc98babb73bc9261c81fa9a802
SHA256

39d7726467f9ecdf9eac4e61ca9db7c8e302f2fe9b1c953cac8cd2db7e4a94e4
SHA512

5c8f2705c3dfe2e82c343956119d9931e69309807496fbd42b917dc7a161ecf896fec8e9a2db8fdddffa1803bedadbe8157293a322cf81ce5caba3e7c695ae8d
SSDEEP

768:4eCVJXgYwbRWfbG7vQocrZ4RUu9l5BTx/B6SIGgQkxUx6f:4e049cd4Gu9DofGghxUx6f

Score

10^/10

silverrat discovery spyware stealer trojan

Malware Config

Extracted

Family

silverrat

Version

1.0.0.0

y-blair.gl.at.ply.gg:37392

Mutex

SilverMutex_RCLzDEVlhY

Attributes

certificate
MIIE4DCCAsigAwIBAgIQAKQYOfZd86J2BfNjhG4CWTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZTaWx2ZXIwIBcNMjIwODI2MTkwMTA4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlNpbHZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbpOWfhZTuOfEaqqImTTe5dNHAAry7/mf00DCoI4lPZfypsc1tYraxSPFeayGu09a3qdhkWKSVIgwnu2n4GLQNOCY9fh/1oyrX4Iir3BIkYeU7pKTWgjhUlAmFAUAaNr0ca23Ku2kN79jrDzRznOgE2DEW4p7OiM4Mb097ma9lzu7MyssHbY4VCteAhj9HZiplqBxaC1vXDmzxqG+gUZ1aLcyG7ssdkOjtWVBgT3gD/gOl7KchRzCFB1egDC/vD9WZCG35U3Ngi+IkTznoXR1R06cq4v0UnGjE37R2vcB21qb0ZYNiZJXZHv5i9+R7xoPeNoLda5PqnfGGbhPvNEdD56mdcOKlzGIuyemLkUo8texdpiBWKbtc3JZf5VsKxjJtHDK3xW6gDGI+PAirzGkFPmwcf8WgsblvzLg8OZpVxVs8rmKWoi6qIrf4CXnyl73J4lgzW+ir7PjANAQXwLNGdNnvdMeLeo/muGQPdeNpr6OczGGnkWA4qniHeL51/Gx0a8A+jP9zKiyu+qHcsP2IotgWDH/KlzJVr7IAum+DV92uV8poTDcUNcHaKvhHA65KmEtsvLbK6lFZcAMC0eWC0VgpW44T1/16rOaaky5mP6rTMc3nSyOl/lU/XgAgGGQPe22bRLWYzd3WVeEpI1WnHYXS+tL9IOe4kJP+pYsWDAgMBAAGjMjAwMB0GA1UdDgQWBBR32TJj2LeUx9L+RcSOvmFV6VJq6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA+qucSOi7ov7Q1FmAjMf925KuvKuCNwJiu3Sqo3FDGVAD1fAwAi2FdyuXEO2VIUPZCkalFcBna5rqyrc6tcS4T0IL2TsYLrsuGir7PWP7CAcft1urYS1HpNpHxeH/nixwnQaQs/MuRmdm2TeCj6G21P5BTW55U5y9sMPSYwhbD2N7XLgnSQd5Y+80TR7FUiye/k3D37fI9PRhSQGbfYFRQQTmxj84dPTnY5CVgaY9d8fNiFZkyjaZdf+mibK0xQTf+xLVVj+toDNCkc1F462TdmFhCrHd4PoMo0yLDNv4SC6NLRq4haWDRtORw6gd5GYIoCQ3m3oQvNlNxXhhIjsOyxkxOrkCD0c+57PIc7EmKXieJa/XxnkcIVxO8dvTY/vijuz/VaZYl/lPu9ckuqgJ1wRvvsHl70Trv4Mn4X5uCIqRFFlK/mSOZbLIguGkDN3QIZABvej89vlZMhrVfZOG2oawe23FskHjv7thF/WzOXtWw6RUVC1V+hCwbuxFNUjZmmOTUwdXHnus7I2AuiG6Jz1+y9aYiXBcVTdSljxjHRRmiRaAnY94h58vN8NJ4hKL2GVCo6LxkpuplmcntJN0cKraKTPxSXcCRrqWxX9qoIbfvBcUU4vH1jPJCCLNCuDyD3lgQkpPVvq0EMU1a2HFGgMEQMjpYpb38rcadDhT5ag==
decrypted_key
-|S.S.S|-
discord
https://discord.com/api/webhooks/1254164826926747739/Wuo-k9D7pwiyZbxrzS41vUDbPJQQ2yncHAAPPuV17CVO498rGg2p_J8YBllYR4nATQRm
key
yy6zDjAUmbB09pKvo5Hhug==
key_x509
QXhSRUFZWUhubUxucHlkQnpUdmxFZVZSRm9ERFNS
payload_url
https://g.top4top.io/p_2522c7w8u1.png
reconnect_delay
4
server_signature
P2FNd7DrnKIsvFGLnuhb3WYnLG5hZSrpwZT3lAbQtDa5e/ooerFskhX1g5/OkvpA2CVqm/2SvCZ0Og4tuT0PhZJC80zF0Wgs6xQtxORbepTHevv/5jiC05IcCs+ssEYFxVKlv6LGsHae05uYKlsbfHXedCaKPhaZ6D6faLVODS751R4ffGr19Av1C5B76ock4Cu6EcpiQ7YeDT1zxiQ0EvoB44WqC0+09oHLikoEPAcvKKogk+/WHKayE7UbI+U8wIVhaht3Pe18NxzSWwU/ZlO368aALU+yTm1EUQIlEba5Nn+GGTl0YbTiv9rz8sqhXL6qyqf6GnQ8EVM2hfN05D5etNhRhRE5GfhDIucF6/PP6fDoaCQc35AnD2vOWQlSrVcKomMKqS766vAAr/sOQGSgacLDqfq9tmsMky5P/N92o+wFCAaqk7J/WYrEKxmWahRMg7Cs8/nTfhLcVIB36Ii6rt0/bYfZNvu/BLuvXVupLuiLoTgg6sGRMrI2l4tjpdYnLY0CilAcd+yP/Wy2T3+bBoVlWcGQ9ZIaAtLUsvWXhjY51U4al8+QBdczFiUKXSKA1WZ/6D+JxMwWsGxIssePT1pzUjDijoJbZg2LiA/sM0aDhHL4v9M+3D664GnsS0Ia1goOt+yh6clITI7LM8xFkqZOYOx5PSZRzvEABS0=

Signatures

SilverRat
SilverRat is trojan written in C#.
trojan silverrat
Silverrat family
silverrat
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
2	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2036	schtasks.exe
3836	schtasks.exe

Suspicious behavior: EnumeratesProcesses 63 IoCs

pid	Process
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
4640	SilverRat.exe
952	msedge.exe
952	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4640	SilverRat.exe
Token: 33	2364	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2364	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4640	SilverRat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 1168	4640	SilverRat.exe	78
PID 4640 wrote to memory of 1168	4640	SilverRat.exe	78
PID 4640 wrote to memory of 2036	4640	SilverRat.exe	80
PID 4640 wrote to memory of 2036	4640	SilverRat.exe	80
PID 4640 wrote to memory of 5084	4640	SilverRat.exe	82
PID 4640 wrote to memory of 5084	4640	SilverRat.exe	82
PID 4640 wrote to memory of 3836	4640	SilverRat.exe	84
PID 4640 wrote to memory of 3836	4640	SilverRat.exe	84
PID 4640 wrote to memory of 808	4640	SilverRat.exe	88
PID 4640 wrote to memory of 808	4640	SilverRat.exe	88
PID 808 wrote to memory of 5076	808	msedge.exe	89
PID 808 wrote to memory of 5076	808	msedge.exe	89
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 2716	808	msedge.exe	91
PID 808 wrote to memory of 952	808	msedge.exe	92
PID 808 wrote to memory of 952	808	msedge.exe	92
PID 808 wrote to memory of 576	808	msedge.exe	94
PID 808 wrote to memory of 576	808	msedge.exe	94
PID 808 wrote to memory of 576	808	msedge.exe	94
PID 808 wrote to memory of 576	808	msedge.exe	94
PID 808 wrote to memory of 576	808	msedge.exe	94
PID 808 wrote to memory of 576	808	msedge.exe	94
PID 808 wrote to memory of 576	808	msedge.exe	94
PID 808 wrote to memory of 576	808	msedge.exe	94
PID 808 wrote to memory of 576	808	msedge.exe	94
PID 808 wrote to memory of 576	808	msedge.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SilverRat.exe
"C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks.exe" /query /TN SilverRat.exe
  2⤵
  PID:1168
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks.exe" /Create /SC ONCE /TN "SilverRat.exe" /TR "C:\Users\Admin\AppData\Local\Temp\SilverRat.exe \"\SilverRat.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2036
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks.exe" /query /TN SilverRat.exe
  2⤵
  PID:5084
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /sc weekly /d SUN /tn "_Task-WEEKLY-01" /tr "%MyFile%" /st 10:00
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcb01d3cb8,0x7ffcb01d3cc8,0x7ffcb01d3cd8
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2008 /prefetch:2
    3⤵
    PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2036 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2344 /prefetch:8
    3⤵
    PID:576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
    3⤵
    PID:1812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
    3⤵
    PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2000 /prefetch:2
    3⤵
    PID:924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
    3⤵
    PID:1376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
    3⤵
    PID:4280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=4580 /prefetch:8
    3⤵
    PID:2008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
c0dc0b433428a2329ffc182b2ed66527

SHA1
aca88da486b0cacbf1d9084fc7dfa819eca835f2

SHA256
d46d305170477e13210f79626974f1276f823ba5471663c4fecd206fb0da3cac

SHA512
731836b0482e0deb1d28779c3689245c4de87673fea8a34080891eac08851a08edaba824f6853f09244a6558930309dfefdfd8fd5d6131c0786947970290fe4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Cache\data_0

Filesize
44KB

MD5
41f17785bafa8baef4c3597945ee6870

SHA1
ec6496312ce9046cc459ccdd8a143a71b6d10fcb

SHA256
49886e51f3c176cb2f4dde9e5519444655ea859fff89e43410b28e315c5f002c

SHA512
f9d2332b20cd50e037b716d51761384db376b8a1e6ccdeabc3c9a820866dc7cbd4af2047057cf5146149d71444f61c544b2ef020efa0ced37bf342ba72f19ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Cache\data_1

Filesize
264KB

MD5
54f79705c2c2c96bd4f00233dd8fe4d6

SHA1
9002bba5f4927f85f5d05fd592a3468d5d46679f

SHA256
929b04844452fc9add632a0bec0c77fc0dabdbdc05f1dda2a5180b98cba93c7a

SHA512
711322017d6a917289f60e53ff88a7f94bd47d860af91f9fcb4ba140684a77cfe9337698ede56635eba0437d85c286d231cba94e5269213887e30ea78888d56e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Cache\index

Filesize
512KB

MD5
927de8846c6cf7be7058d7631fa441dd

SHA1
2233d0d3fddbb923c816a1053ba3e0bac8ee5a05

SHA256
6fb04d923c32f57667a0f620d02cc428c57bccfff178cc80b18174dcdbe9915d

SHA512
32734f6d70981995d5a50606761428504f8eebd146ecda702e04d5e63b432eb26126501eadf14801d57787e4f6d97281d8eec347f105cc49eb6b2758c4d9353c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
cea37bd59c1e02fa83c3c76e5640e17e

SHA1
025bb09841e360b4d582d8efe28402e792b0aded

SHA256
a9307ecdba7b584f85822879cb6c38c8f0af6e997a6a697bb655ec2524112e93

SHA512
a40842dbb946b1a6c0e334456350cc9ca4d74ea9c4fe5e017aecfebc71581440ec88323aaa628ce7a591ff230d063d2a7c21c80ccb67d2af331399661c225d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Cookies

Filesize
20KB

MD5
22be08f683bcc01d7a9799bbd2c10041

SHA1
2efb6041cf3d6e67970135e592569c76fc4c41de

SHA256
451c2c0cf3b7cb412a05347c6e75ed8680f0d2e5f2ab0f64cc2436db9309a457

SHA512
0eef192b3d5abe5d2435acf54b42c729c3979e4ad0b73d36666521458043ee7df1e10386bef266d7df9c31db94fb2833152bb2798936cb2082715318ef05d936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Favicons

Filesize
20KB

MD5
5688ce73407154729a65e71e4123ab21

SHA1
9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7

SHA256
be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60

SHA512
eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\index

Filesize
256KB

MD5
8b4abf02e6e06e3a3d250711c66d903f

SHA1
189edbd1a33eef956f94ed3a86cd6d7f6572710f

SHA256
fcdd949ac2bb455e78f3ae18a51a05200c81344ad39390cf1346f2b232980570

SHA512
aeecae47ce5e33120569132ef1f0bfa1b896e17807e4721fba8aaa31d2a13d45255cb689ac08695216ba142b6ac7191e277d7d6208cfb3f4404b53fb34b31ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a82f7db7145411c128c7a86ec690bd7a

SHA1
b42814a528daf9974945328b5ae576c8b2e994ac

SHA256
3bcba71c9e2b29d3662ff529b85c272ee6399462a5f53ff268976a51bfd95904

SHA512
1afd89ab00439cc816040324c78175daf499488d000fe21bcfb4cb66453703f09b5e188dfbd09b9d4a8d9182e9da1bd9ea67c5cd702ecea9057bbd396725c5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG.old

Filesize
293B

MD5
03b792660c1979b6058c4ccec5719f6c

SHA1
1a3d9a38bbb33e957bb777b96c3029652d959bae

SHA256
4df89ec174ca74b05807f7745a2a58b346096fe7870c7f67510abd85e432e430

SHA512
419e87538b635ab0327759a5dea0a9d948e09ba2e11390c40a0bc25f51f57b6423b1c9ff3d54a18c7ce80a9346e0779ecb4b2a6e1074129df0e006e623b09575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Login Data

Filesize
46KB

MD5
14ccc9293153deacbb9a20ee8f6ff1b7

SHA1
46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3

SHA256
3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511

SHA512
916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Media History

Filesize
76KB

MD5
cf7ac318453f6b64b6dc186489ff4593

SHA1
b405c8e0737be8e16a08556757dc817bd02af025

SHA256
634434e865f1ba1b90039bd5afd8f01bad6d278377106022ea2a9c2d8778d31a

SHA512
b64e484d16222d8de31f53cd60b719b7d855bbc552a7d052e202382bc3013e0edaceb31e3a287f2ea6b7117ccfdb8a56ea9d7da78535d2c606183072ecd084e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

Filesize
5KB

MD5
1a6bdf3d9939e199342d313a37fea47d

SHA1
97d1d001f2041606419f69e0bf61ba898a01a601

SHA256
7b9f74d18029dcf273c29e5d91ae0ce32b79dc260e61875f9beca53b9ebfe7f7

SHA512
a2c4c45a4f6d670890a309630bf689ce2adb428b2a489d597d974250182073437da5a50b95c4f8f63e555430cdad1bcb5268c01c0a6fc8dead67c2ab371ae51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

Filesize
5KB

MD5
11f85becd7491a224260f5a3b058531a

SHA1
6fd6a18b25880a3cc211b905986ec58ecea966c2

SHA256
a0986441b7c3c42ccafa6e5b8f006ad99ea3e314326c19205ed11969ab6e5d2b

SHA512
fc1245b9c0146cdeaf9a747363462b10fdee5b45f30bb1836659576ff8728183c2d812431d3d8e607077ae8093368821e211c432be141f273c3699cc1ee5b997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

Filesize
5KB

MD5
00671d9549fdf52c992a9ace6bb9e36b

SHA1
98317c5c1d35f1b91f4f8075fcd4e35ba07d81e7

SHA256
d738039de6b921ebd8df629ef8cc1a20faf4713a810a47398b344d88546deee4

SHA512
d974b5010a9679e289d476820c858c597c0bd0821fa4ad557e7b591b649d7ce73ce917de6ebaa4286488bc1c7a6d6994e973c343acb37656a6278c075d3f430a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Secure Preferences

Filesize
25KB

MD5
880fa6cd6287ab89a7a884e14c9a1e6c

SHA1
8e425b95361cb6f094899541c65f913b6f90902b

SHA256
c93d1c7515d61c8f691a362e2d80f9ec8df22d8c04cbc2144e3fd2614d981f46

SHA512
d9f0bef53832990ed5a9a17a90193956bbb20b0eb8eaf5cf564abe2300109450bd9bfe241fe48dfe71639dcde43229c52544af89dc7667226dbb6512c4a36e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Session Storage\000003.log

Filesize
99B

MD5
ba92e5bbca79ea378c3376187ae43eae

SHA1
f0947098577f6d0fe07422acbe3d71510289e2fc

SHA256
ccf4c13cd2433fe8a7add616c7d8e6b384cf441e4d948de5c6fc73e9315c619f

SHA512
aa1d8b7eb9add6c5ed5635295f501f950914affc3fa9aa1ee58167ed110f99a1760b05e4efb779df8e432eab1b2a0fc9cf9d67a05b2d5432ff8f82c620a38a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Session Storage\LOG

Filesize
279B

MD5
8602f8605abbcdd1571e0763905d20a6

SHA1
62a788397552adf6fb37ee635d5fead78fe98d09

SHA256
bd34742b8ece6f9be78eb73d3a949c4380aaa1775b32cf2976e2c4fbb5cb3147

SHA512
579026315f5487fe38fd0a9bc65cfacb0aa3764ec7e19a6164c1652e00b6e9f1c2a3c84cae15061f3d76c563903d92de8cae4b920550dfc6b2f351be4181bf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sessions\Tabs_13359656792278346

Filesize
717B

MD5
a18a7044c86731d24877e8fe1522adc1

SHA1
d67a9d965d5ed113fcdce91cf4fdd4be9dd19f89

SHA256
b25f655adcbf7defd15a846a2e6e6454b054461a894b54ab7c8640ba8620061d

SHA512
a707e2bd59420b52bde602eeee4693e19b65bfed0a8eeb1b7738d26438b18889566affaba9629aea9a7881a2f6fc856f2761922f3c6a5f670538963d4467fd0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
4004d8cad799d130f7aef50cbfb38a71

SHA1
6fece41171a949aa93d677f97c02247df314b59f

SHA256
66f5e95cf6a3a358bea7def1f41bee12c84190b5775c7b5f48e76f667dacb00f

SHA512
c65bca54c378ad279a53c7fd8d982dd7e0613a2e8c85509e0043b342b3bbf72a1d8329db0df68c4c1f6c6f60a8ae23336b8331d71c98a4f221506490702fad58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG.old

Filesize
309B

MD5
2e2060df1cbaadb4f41b0fd3fa23a9c1

SHA1
87317235ee66aadb9cf717a5edf8089982415da1

SHA256
0bfaf052ba1e1ac8f8b28c1aafbafacf589af6f9d0cef1ee33cea977525241dd

SHA512
8195c5eb2d0475a0b685c7ee532155cb28351a390d0546a544b3429272b08f2d1aaaa889da57eb56fad872b45e55d425f074152be4373a4032217142cdf982d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\000003.log

Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6f55f47e371bdfa5727ebaf0fd1741bf

SHA1
2cff9aaf8dd0bd0fcdc6b07a866cf134fe9fe640

SHA256
313b5ced68ccab787291f1ced5a0e77102d7e070bb0bb75419efc7bdc15584d9

SHA512
a111eeb0dde5b3c7f051369549e1d55f98e28591178a0327299f4e10a1c15af4426eac5ea42070b8a74f0e98607ace19f745d66f3ba8dac3cbb110e5082a5e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG.old

Filesize
285B

MD5
e11ee6a17f2c2f2f799645089b3ce365

SHA1
f1d4ebda4833baf3ab3bba87c8629db3f71d8bcf

SHA256
4211d567631dde46ee0fab0941c7adb3060bb6064b6c8d3773dd313d812ed259

SHA512
9fe3e5cacd4733581538baf9640ec6d1f48a50011d6671ccfce125ad0732c95d6cdc7e532fd42c11ce75d264b27132a0c780399290492f3be4a052fee2faac82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Top Sites

Filesize
20KB

MD5
325ddf165383376a8e530a8288a9fb73

SHA1
f451204bb6f3de9de42f27bd887576b083026e87

SHA256
53eb4fcb3cbcaacd4d94036c9379715990f86185b8ef7fd18cb27665193da6c8

SHA512
edb9c49956741560f40df102b81c3b558b1ae9ce902040f89cecb2fbbf60277dcb73f68d8b7c60340a92c46915828b7a204420292d0a4906ac0e9082943ad528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Visited Links

Filesize
128KB

MD5
1a6ce6b004ff51f47e00d79e39321d83

SHA1
de958462f70588ab8e90a4cd5ad4203d3e7ed442

SHA256
79dda63ffb7db22d2f80742543c4e1d32fb741b86da5455a74fe8fea91a7946b

SHA512
fc856c88a3c829d994e50311858a0c6720ba0071c9864790549f0cd6043ae7a77f4d4151d4e0b26a8b81ae4a36a477bcc4eeb033813494da9800174ce1452ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Web Data

Filesize
112KB

MD5
87210e9e528a4ddb09c6b671937c79c6

SHA1
3c75314714619f5b55e25769e0985d497f0062f2

SHA256
eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1

SHA512
f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\load_statistics.db

Filesize
44KB

MD5
4a358a0609128a02169e8308b41d5fc8

SHA1
81c70f697b964ac333c2f11bac8e7fdc84ebe7e4

SHA256
d5de9872d179b014153e8a9e1f17bce28d11ca92ca10eb617e148ba9bce7d9db

SHA512
c73d67464b3dcb2392faa3422bac5699a3530fa8df5755cc4d25f9ae5fcfcaa1b9b140c05089847cc8ee338623acabe9aa95ff2184484daca1380b7cff066012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\LOG

Filesize
279B

MD5
ac61c57b19652426a5a1de83d452c2c9

SHA1
996f982e7f9e365ff9be4375af9d70ca1792601f

SHA256
bf65f5ad369f4ee35734c1f30c7d88003755240087c6e9e1ed325680842aa341

SHA512
7691e3a1c409ff1a973d300c5a94a3ac8d2999244fd937cedf392a60f2e031795e5aa6103b2fb76bc204560642dd878162736e061325abcd8937f1a3173a315e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\000003.log

Filesize
90B

MD5
e4ed5231afe51e01740db96825edcc1b

SHA1
630576047360a2f23417996d8d677a52ba2e4961

SHA256
ca261950cfc5c0c0269855e1c7c356e4e3dbb6851c836eb5888545c3c92e5ed2

SHA512
902a7fd0dc6688dc9b6f3ea7b06748c5bb22901edb299782adf819b66d79dc0ef99d3af459461811231ff2b1024e542935fed319376d21298d5b0fb207266bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
9f4ca57fee8d7f9cf80484dbe4ded426

SHA1
ea128f6c12282d046e9a3e665ce9a804485f4a05

SHA256
a3b99fbf2cad4666b16feba2adb902d567a8732539c8e032f79e3426f22acafe

SHA512
40648f4a656de7ab7a642de10d111e9c1ebfc6d05705e2f26b6bf19c9119cd71a81d303e449e7f0b182dc0f253703a859ced04fb6baf2b4fd26897aa97b525e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State

Filesize
8KB

MD5
cc7a686a170e6638be8159ed2a094afc

SHA1
4965a4170df5c1beaa972e2544dabc74e051f990

SHA256
c3cd24971d0505b77912e50993422e3f5523c81fe86595cbbf387cf06709addf

SHA512
b4497be39e659917e8a496a1c7e28f007fd215da7914b80aba8f341569026bca2cb98735a16c3208d23e0d39d970fd87036575eca8e48c156d343d617bb21f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State

Filesize
10KB

MD5
83695bfe717e267ec9ffbc18254226f5

SHA1
7654bf0b191c497814e3acb291675a6c21b085cd

SHA256
01ccce68146d0aa8228fbc80e76b6d7929e506b529272cca105304745ea1d4ad

SHA512
8f53de905b8a7fc25f3a122dd1f9d4fd5200cbbb2f16e2d693005b9762e2f88aefa6896a1692dd49c5c919b16eb4e0544c235d808065898302bc8652a2d80083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\download_cache

Filesize
184B

MD5
24127606dac5cc6142848b0387a3afb6

SHA1
2dd825cba2ded5f73de2f70d3056764788d6b3cd

SHA256
7680b8117dce679eaf37a1c4670506fda78781cfcd994295b5108db18fbbc3a8

SHA512
0c37b62b580255716371554cd47a1d7aa15a92b5376ff66d42cacf1e2fd95c027e7f8781231c4b0d9ccc17521a94f1e719cfd2307853d6d7d72dd8155ba6868b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\warnStateCache

Filesize
72B

MD5
3f66f244278461dd07a3feb77a17712f

SHA1
8d570b550699ad0f248ec98b5d678f54248c0a84

SHA256
203ce5c7c1680c6e98f5ceca920e9d904122a9e26a743191e9b0fe1f6584ed60

SHA512
8d4733222e2e0bbc18370055d0602d0389e7a562887e97b2e54073017ffea024e9b1341ed95e28883861ef5e0d4fa9d27ed0894912ffe167632aed2e4cf53e7d

Download Submit
memory/4640-17-0x0000000025880000-0x00000000258A9000-memory.dmp

Filesize
164KB

Download
memory/4640-21-0x0000000026070000-0x000000002608E000-memory.dmp

Filesize
120KB

Download
memory/4640-22-0x0000000027380000-0x000000002738B000-memory.dmp

Filesize
44KB

Download
memory/4640-18-0x0000000028570000-0x00000000285B6000-memory.dmp

Filesize
280KB

Download
memory/4640-20-0x0000000026060000-0x000000002606D000-memory.dmp

Filesize
52KB

Download
memory/4640-13-0x0000000025930000-0x00000000259DA000-memory.dmp

Filesize
680KB

Download
memory/4640-6-0x000000001C330000-0x000000001C350000-memory.dmp

Filesize
128KB

Download
memory/4640-5-0x00007FFCB4D30000-0x00007FFCB57F2000-memory.dmp

Filesize
10.8MB

Download
memory/4640-2-0x00007FFCB4D30000-0x00007FFCB57F2000-memory.dmp

Filesize
10.8MB

Download
memory/4640-1-0x0000000000700000-0x000000000070E000-memory.dmp

Filesize
56KB

Download
memory/4640-0-0x00007FFCB4D33000-0x00007FFCB4D35000-memory.dmp

Filesize
8KB

Download
memory/4640-41-0x0000000025390000-0x00000000253A8000-memory.dmp

Filesize
96KB

Download
memory/4640-19-0x0000000025E80000-0x0000000025E89000-memory.dmp

Filesize
36KB

Download