Analysis Overview
Threat Level: Known bad
The file https://mega.nz/file/UiEzjbbY#Kdhy11mCkm19ZogDZyQez9Pthti652D0x2G9sYMqgf8 was found to be: Known bad.
Malicious Activity Summary
Detect Vidar Stealer
Stealc
Vidar
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Reads user/profile data of web browsers
Loads dropped DLL
Reads data files stored by FTP clients
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks whether UAC is enabled
Suspicious use of SetThreadContext
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
NTFS ADS
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-28 20:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-28 20:54
Reported
2024-06-28 20:59
Platform
win10v2004-20240611-en
Max time kernel
297s
Max time network
290s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Stealc
Vidar
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nodealt\JRWeb.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nodealt\JRWeb.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\Setup.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 6020 set thread context of 4056 | N/A | C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe | C:\Windows\SysWOW64\more.com |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\va.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kab.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip32.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\be.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\License.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lv.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\da.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.cab\ = "cab Archive" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.iso\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.rar\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.bz2 | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.deb\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,11" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.wim\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.bz2\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.gzip\shell\open\command | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.zst\ = "7-Zip.zst" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.rpm | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.iso | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.tgz | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.lha\shell\open\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.rpm\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.tgz\shell\open\command | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.lzh\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.taz\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,5" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.lha\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.deb\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_CLASSES\7-ZIP.RAR\SHELL\OPEN\COMMAND | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.bz2 | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.bzip2\ = "bzip2 Archive" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.tpz\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.arj\shell\open\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.cpio\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.bzip2\shell\open\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.tbz2\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.taz | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.cpio\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.squashfs\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,24" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.txz | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.lzma\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.xar\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.tar\shell\open\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.squashfs | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.vhd\shell\open\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.xar\ = "xar Archive" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.7z\shell\open\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.lha\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.lha\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.deb | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.tbz2\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.gz\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.vhdx\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.esd\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.7z\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.zip\shell\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.iso\shell\open\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.txz\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.esd\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,15" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.squashfs\shell\open\command | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.apfs\shell\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.tar\shell\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.gz\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.taz\shell\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.bzip2 | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.tzst\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.001\ = "001 Archive" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\7-Zip.gzip\shell\open\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.tgz\ = "7-Zip.tgz" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.ntfs | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_CLASSES\7-ZIP.GZ\SHELL\OPEN\COMMAND | C:\Program Files\7-Zip\7zFM.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 442627.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/UiEzjbbY#Kdhy11mCkm19ZogDZyQez9Pthti652D0x2G9sYMqgf8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c9246f8,0x7fff8c924708,0x7fff8c924718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3555136248934492774,4714439396428752105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\#!SetUp_22468--!PassW0rdz#$$.zip"
C:\Users\Admin\Desktop\Setup.exe
"C:\Users\Admin\Desktop\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\nodealt\JRWeb.exe
C:\Users\Admin\AppData\Local\Temp\nodealt\JRWeb.exe
C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe
C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\AppData\Local\Temp\VIDA.au3
C:\Users\Admin\AppData\Local\Temp\VIDA.au3
Network
Files
| SHA1 | 7a88c2d6e087f25f32398ba09e789a700b95aa69 |
| SHA256 | e18d103911eb5d5df45162e83240a4fadaea406190fe076e47dec98bbd120550 |
| SHA512 | dfff127ab210f36fc6995702b9071089a95919debb47ccad3f666a9cf88fd535b8b493104ea4000ef06062720d2c6b0fcca26e5a23aa23b63ea6a1353bfc1568 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 00aae81af11c493acb2bce3a7e7f57f6 |
| SHA1 | 6e59768890f7a15a2553dc835f508d853d2e3fbc |
| SHA256 | f9ab44f720f96eeff8583ecf3765b3880e05108f93141f0dd17220bb83727806 |
| SHA512 | 6cb192aa95a0875ec31651e229dcda85fe67044984e2f749fc86084ede7b463100518cfb9b5ebcaf80b67db572043c0693850bd5e125eb9326f1fffa859fe5a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 6b413775138ddfbdfb8366c88b486bd9 |
| SHA1 | ce914f9061ba8f68e64f02a6ed964bff243b7779 |
| SHA256 | a0c2b4dbce0b704d5f051406d919b8ed1a469250e0e858fad77cc3f5cf0fc14d |
| SHA512 | 8a21a3be50a2b0dc95935f4393f0b760233f9a73ee5a9d83b58680315219a961ebfdac4b35f4cdc89b779311e0301301f4d1b5028cbc648c0d453e06fb815dd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | bfc7a84ef80ee4d5badba3a1421cb6da |
| SHA1 | ae6e136fb2f932ada523612911c5eacf67995fad |
| SHA256 | db27918ec10d612740a2c6afe5cfa5707a4c301dacb0d1823a67d871fd3b52f3 |
| SHA512 | b7060c81b08a831a20ec9aff9cf98f6a364dafffc96b18fc1e84435c9fbbe26e4a416fde2f0fe0064597745582b2f6c5b0b36a9cbcc367a32598c5d7f8135204 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | 0cc7084da80fbee12abe5420893328e1 |
| SHA1 | 54685b10228f7818745c3555908d341e0c61fa8f |
| SHA256 | 8dbd8a7b275d5c1394d93647bec02e335ed291dd1ae91462084c4e430e18717e |
| SHA512 | f1af11f31638e8366f40be0c56288b989f0dd60edfc3022a7e8a8ad651069b0fb33c5ea56160cb3a604dc52611ddc8a309a0ea9bc1f4edd45668058049831800 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364081700126701
| MD5 | 209fffbcc8efa50deb3c6373718a095d |
| SHA1 | 100ac64d3cef49c0998ad2b4409de22c54c98a2a |
| SHA256 | 547cf86564ab76d27c71d70963f509be8a57b2afaa7d5ebf92505adc027ece2e |
| SHA512 | 3eb5065062113bebd5b9f104a888cf0b2375473314a525e323343fdb53bfbae0078f1b7de60daffe1d64335b2e83ee8a2efeeda839aa55b0510269390460d47d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | 7defbd33e9c118f90206f6dd0903eca0 |
| SHA1 | 222e000b5d2d5889f08d88bb15dd3af5fa673745 |
| SHA256 | cf7e6bd09e5625a1867a0187feff482872dda9a893787d6742a4e03ec157e5c6 |
| SHA512 | a8f1760db9d759457c20e1a223010dfdbe910deb6de8b88c1ec1faf4f979a061ca29b375600756c2672e95b20a67eb0af463ebc212408305974cfca7241bb7d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
| MD5 | a15b8e287cdf985e43f3d20b0bc7a385 |
| SHA1 | de3ba3de5a1fb50c0384fdaa5b85d089fb42a021 |
| SHA256 | 390f7d7ba8e5b03021933c644831b3805593712fc93d08f035059c6bc97ee1b3 |
| SHA512 | 691a89076b92012e5d55aadc5dee3e7f58f3132da26a02bb5a0887f6c465b086b1898798287fcd65934ec2f0405ff99e3dd51d878d640a124a7639edd6f4f8cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5a80043aa29304671e10dc8cd13ad523 |
| SHA1 | 55c0cae990b07e75e26774678dd9d7763250c3e3 |
| SHA256 | b3f260f80cc88d53f5878da7b49dd2dbb9f52eb833d547ff3d9093ff30ead7a9 |
| SHA512 | a41c71306b0d47d8869a6c1b59b48c2ba5ded34e56bab6e8033383dc40c900942a7ee9e7190e8c0454c32e5e92267b8ce48e5a36943d7ccc47dc24ae694f11ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f17d98fa0be76d830f00784da89d5aec |
| SHA1 | 49356e204ca5dd3a5328faecd815f49d31da8145 |
| SHA256 | 87eb7dc3ecb0a679b48553cf51987bc99b216d45a28f25e98bef92d0b49b26a6 |
| SHA512 | 86a2ac0623e16074538cbecc8eaae018ced179762901582475b818c55fe39abf56a433f26adad2b4951b7cdba71758f5afdd95ba3cbc44b037cc3a7b8ee856ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28629ae3ccce81f8fbdc6bdf61c7d1f7 |
| SHA1 | 11cc2b53964a0726ca117874332f1a826acfbe18 |
| SHA256 | 9f2aeeec8819fe0624d16c0d099843174eb731d40dbfc16951f7f12154245c4a |
| SHA512 | ccf27fe981256d34360372b22b92357a8da15ab3ba8683f9256e3a4431655d6279c76a30797e242f0a999a80490a08df40feaacfbe4422b1b892671311aae9e8 |
C:\Users\Admin\Downloads\Unconfirmed 442627.crdownload
| MD5 | f1320bd826092e99fcec85cc96a29791 |
| SHA1 | c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed |
| SHA256 | ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba |
| SHA512 | c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4200c471241f92caa57584fe57702dba |
| SHA1 | 59d47a8cf4388c9340c793a3d90917c24a715ec0 |
| SHA256 | f68917cbce5f7ebbb5096447ae6bea2fc5d661a633cc7c99d207d5a42f126036 |
| SHA512 | 71d8f604e2a00a03478cc33f66f7747601c0296506be39ddf2ea6bafbbf309e135a7a9b4c7dba04ac045f90323979888d1213e529470b5d890e5b23e03704b87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 432b9d659c77e89d63066ebe7f35bea2 |
| SHA1 | 7c7dd231f3f1688e49fbdc5b75f3892813295b48 |
| SHA256 | a0a821b2c56d4d989b85889f141af056e1ff72d8d46e0df0755cea29ada25d71 |
| SHA512 | 2792d9bbdf3e0a88d555d61deca4171bde410ea835332f0944e26f072c6a29f674b1d410cf922bfe363cf43acbce434b6df4d2ebcd178593710ba40a1f65de02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 95a9fa96c6e2072705d73b1eed91dad9 |
| SHA1 | 8aff6bf144db550de9c633279ac2f8538f2ce2b0 |
| SHA256 | d1df2eec51044afd8e098e58577db5100d5a155eb86e0a5243d5327542b92b7e |
| SHA512 | cf8608d8b6b43111768c39252d6e0d690d965bba8f2784306608fc97cdb510192e5b9754481a333d8179c39330a5db3c6079ceca0cf543a7597c7b1fffce6887 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f88da527dddfe4885492c23501f7f13a |
| SHA1 | 00ef06f2ddc81eedeb697c917384298d5008efcf |
| SHA256 | 0d51d53419a0a92cb6e14ea8a02dde4f6368396ade1b935e0d8c791308199069 |
| SHA512 | bfe7ed8ecd87ad420cba279bc5669ec229b4e2e99642ee26eeb67774c20f22d47f0bd9fc35f14f1457206416ca7ae82d2652eec0e392928fae11d50dd5374e6e |
memory/5924-819-0x00007FF6CED60000-0x00007FF6CFC11000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\16b56c58
| MD5 | 296aee37aa4a381e48dd9b696841c788 |
| SHA1 | 9d2eb33549f04089179ce4f6b5d7ad05981401d2 |
| SHA256 | c43902f540257932cc7e61f782bf3050af5cf0f15632bc76af1e633febf4def1 |
| SHA512 | e502eecaa8936c038b53e5ebe747ce188f524a6beebac9144948604870efc9454008220ef9713ebcb2a6943114d3417c04c198c5bc02f88fb5024cbb4274d02a |
memory/5924-825-0x00007FFF7CF40000-0x00007FFF7D0B2000-memory.dmp
memory/5924-827-0x00007FFF7CF40000-0x00007FFF7D0B2000-memory.dmp
memory/5312-835-0x00007FFF7CF40000-0x00007FFF7D0B2000-memory.dmp
memory/6020-841-0x00007FFF7CF40000-0x00007FFF7D0B2000-memory.dmp
memory/5924-842-0x00007FFF7CF40000-0x00007FFF7D0B2000-memory.dmp
memory/6020-843-0x00007FFF7CF40000-0x00007FFF7D0B2000-memory.dmp
memory/4056-845-0x00007FFF9BA90000-0x00007FFF9BC85000-memory.dmp
memory/4056-847-0x0000000075300000-0x000000007547B000-memory.dmp
memory/1324-853-0x0000000000C00000-0x0000000000E49000-memory.dmp
memory/1324-854-0x00007FFF9BA90000-0x00007FFF9BC85000-memory.dmp
memory/1324-864-0x0000000000C00000-0x0000000000E49000-memory.dmp
memory/1324-866-0x000000001D110000-0x000000001D36F000-memory.dmp
memory/1324-901-0x0000000000C00000-0x0000000000E49000-memory.dmp
memory/1324-906-0x0000000000C00000-0x0000000000E49000-memory.dmp
memory/1324-914-0x0000000000C00000-0x0000000000E49000-memory.dmp