Analysis Overview
SHA256
39d7726467f9ecdf9eac4e61ca9db7c8e302f2fe9b1c953cac8cd2db7e4a94e4
Threat Level: Shows suspicious behavior
The file SilverRat.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-27 16:59
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-27 16:59
Reported
2024-06-27 17:01
Platform
win11-20240508-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SilverRat.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SilverRat.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\SilverRat.exe
"C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /query /TN SilverRat.exe
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /Create /SC ONCE /TN "SilverRat.exe" /TR "C:\Users\Admin\AppData\Local\Temp\SilverRat.exe \"\SilverRat.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /query /TN SilverRat.exe
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /sc weekly /d SUN /tn "_Task-WEEKLY-01" /tr "%MyFile%" /st 10:00
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcb01d3cb8,0x7ffcb01d3cc8,0x7ffcb01d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2008 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2036 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2000 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1996,3576685104962172225,1255224610493316989,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=4580 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 147.185.221.20:37392 | y-blair.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 147.185.221.20:37392 | y-blair.gl.at.ply.gg | tcp |
| US | 147.185.221.20:37392 | y-blair.gl.at.ply.gg | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\CrashpadMetrics-active.pma
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\throttle_store.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\warnStateCache
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\download_cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Login Data
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sessions\Tabs_13359656792278346
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG.old
\??\pipe\LOCAL\crashpad_808_XMQKXLBNIYOPPDCS
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Top Sites
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Media History
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG.old
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Web Data
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\js\index
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG.old
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\index
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Cache\index
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences