Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

10

Analysis

  • max time kernel
    317s
  • max time network
    316s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2024 21:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/9zdt7U

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

147.185.221.22:63702

147.185.221.22:9090
Mutex

jqawqxwpkcbbymgyfh

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Executes dropped EXE 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/9zdt7U
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9545846f8,0x7ff954584708,0x7ff954584718
      2⤵
        PID:2880
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:1252
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4744
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
          2⤵
            PID:1436
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
            2⤵
              PID:2544
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
              2⤵
                PID:2484
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                2⤵
                  PID:1920
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
                  2⤵
                    PID:2316
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1536
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
                    2⤵
                      PID:1624
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
                      2⤵
                        PID:5040
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
                        2⤵
                          PID:2856
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                          2⤵
                            PID:4720
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                            2⤵
                              PID:4488
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5020 /prefetch:8
                              2⤵
                                PID:2528
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                                2⤵
                                  PID:844
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:436
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 /prefetch:2
                                  2⤵
                                    PID:4152
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18098308046497218027,17482911743609345216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                                    2⤵
                                      PID:1060
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2220
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:1964
                                      • C:\Windows\System32\rundll32.exe
                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                        1⤵
                                          PID:1600
                                        • C:\Program Files\7-Zip\7zG.exe
                                          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Client\" -ad -an -ai#7zMap8725:74:7zEvent21334
                                          1⤵
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of FindShellTrayWindow
                                          PID:4992
                                        • C:\Users\Admin\Downloads\Client\Client.exe
                                          "C:\Users\Admin\Downloads\Client\Client.exe"
                                          1⤵
                                          • Executes dropped EXE
                                          • Enumerates connected drives
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of SetWindowsHookEx
                                          PID:228
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.baidu.com/
                                            2⤵
                                              PID:2248
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9545846f8,0x7ff954584708,0x7ff954584718
                                                3⤵
                                                  PID:3244
                                            • C:\Users\Admin\Downloads\Client\Client.exe
                                              "C:\Users\Admin\Downloads\Client\Client.exe"
                                              1⤵
                                              • Executes dropped EXE
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:1520
                                            • C:\Users\Admin\Downloads\Client\Client.exe
                                              "C:\Users\Admin\Downloads\Client\Client.exe"
                                              1⤵
                                              • Executes dropped EXE
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:3740
                                            • C:\Windows\system32\AUDIODG.EXE
                                              C:\Windows\system32\AUDIODG.EXE 0x4fc 0x468
                                              1⤵
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:3760

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client.exe.log
                                              Filesize

                                              1KB

                                              MD5

                                              baf55b95da4a601229647f25dad12878

                                              SHA1

                                              abc16954ebfd213733c4493fc1910164d825cac8

                                              SHA256

                                              ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

                                              SHA512

                                              24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              9b008261dda31857d68792b46af6dd6d

                                              SHA1

                                              e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

                                              SHA256

                                              9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

                                              SHA512

                                              78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              0446fcdd21b016db1f468971fb82a488

                                              SHA1

                                              726b91562bb75f80981f381e3c69d7d832c87c9d

                                              SHA256

                                              62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

                                              SHA512

                                              1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              648B

                                              MD5

                                              d388e5336390f04aa5c81c85cb4b01aa

                                              SHA1

                                              3755b43b924dc488bcdb635387b4808d2446e925

                                              SHA256

                                              b0011d6a08978e2538cfa8310ed952fd3ab424bf67cdacdb0dca69977490954d

                                              SHA512

                                              51d3548fa490b145438191d1cb2bac0c5c328340e41b8088c5d045b6e588871ddb4f8b5ae7405d9ef0f51032716dd369d76ee233837b40cdba131130d891e4c9

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              288B

                                              MD5

                                              c03a3469ab35a46a9c6db0408d2da8a1

                                              SHA1

                                              3b6327c3d367717e5d5df46df49da6bd99d20cc8

                                              SHA256

                                              0b10a41a161e06dc0e80556d8aa75a22c0edc2034c2c5af8adcf493488b4eec0

                                              SHA512

                                              da7a25d9de53c295699b86a11bdedacfb6db015f2e47a87cfffaf09d8169754912e0ccc3ad73c425aa7dc543dc210bba0b56fc91ce71cbd2e022202a333f4b07

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              462B

                                              MD5

                                              822e594c7dcd127fee455babed0c8b3a

                                              SHA1

                                              9b963baa5314cd4f56dec09221a779bf59d9bf6b

                                              SHA256

                                              8b50e45c9ff787dc0e636f66d9ec2d5383aa06508d5957261bbb1a3ebe1e92c8

                                              SHA512

                                              82e15542d9e77ad8b580ebd2a3517f65913ef9348a830ef2aa92f56f631366e25d17fde2f2ac99e7ea3c524a4c50302572513279b938884e74edabb46ef27497

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              392B

                                              MD5

                                              4dd3287f37fa761e67f5df9f3050ed2c

                                              SHA1

                                              7b84004dcf41c786ba5d6887fa9246956672e772

                                              SHA256

                                              2f693a4758ca8e853cb491eb6d2996ab121ac16ab0c047f919d8705988ce4809

                                              SHA512

                                              229d47f35e0e6f5f537314bdd0c26b5ddf3c56e4da2ac42a073c9cdb74d1b34b60c5f80ad46b8640af7afa1c4b3550bc6bde787eed6ee46931598c87a4b761ea

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              536B

                                              MD5

                                              7346401eaafe7dd0abea9558d0570a9e

                                              SHA1

                                              c725f8824c2f4aecf841e61e1ac1507d639c7961

                                              SHA256

                                              520e812b67cf3e8de615abbb29fd4b40e09ee631000a640301f0de7a402c5602

                                              SHA512

                                              9a9348756e0a37b34d884375d7eb56a125e7cee84a991d27941a48f7015356866b71af73e5fc7bbdb9b0601c66a97c6b868b7fef12f898d04614e53c8796b2b9

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              388fe95ad0b840c92c05c40abd30601e

                                              SHA1

                                              5db2844200d274c130c9bd39870852f811939715

                                              SHA256

                                              5f391579f9eb835488b7068deea91757b6de6f4941d08d58923e23f783e7e4b6

                                              SHA512

                                              49de539cb67d6b01ee8f0b1ee86517df97428e832691db7fa94833d81ce171588a193a4aab8c4f682e03125960836f429b5dcf2a5305788d9cb7cb2715393731

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              2237f3499d457600e15bc5af52b98e06

                                              SHA1

                                              5e3a6753fa6a10fd7f2491e5280bd3cd15338df0

                                              SHA256

                                              971039c3fc009572d7839822374617de7afef2a5bad9b39cfd537e0464e5e5d7

                                              SHA512

                                              c863fd2fb8243e36bf856c1161c873a8ee62cb97b5e223f7f38d1c25d64a675c6336bd702fa01690ff8aafd0eafd29b7ce43015e6a9a04cbf828292cd71c48d8

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              13447bf572f0e44544be4688488ba80e

                                              SHA1

                                              f19e890b198cd959deab8aa21fe16219266964b0

                                              SHA256

                                              d2aed1f6d2ae7a1aedc004ccd4596299a2ab0102d589d29ee0221c33c5e8b324

                                              SHA512

                                              129d2643184d7781260e81474146aafd12ab6856d02908412da643d834f5d3dceb1d4c5be80bf4e4ef6fb91e84e9fa60c5316b0cfcffbf046da1d6ee17d3c66b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              7aeb3218f13ec9efd5c44e717a7e7f25

                                              SHA1

                                              306dae4a032ed118f3f68ef2e40eb0ce170c6a22

                                              SHA256

                                              64cc4e09527bf537779da78e9752357ebc563468d898ec77d4864a4dc9c48b2c

                                              SHA512

                                              b96ad6459456f8991209244e0745e0c93b1190ca9ae32103a73723631c67993a316e450a5e96ef7a494debed45a5608170dc73258415e70a96f99366c9d95138

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              536B

                                              MD5

                                              4dea0174a712f8b0313965d7c1d92c65

                                              SHA1

                                              fbc737bb02e744c7ddc7453aa481c000e3e18fbc

                                              SHA256

                                              d73398201a87100991079838d276a81e1da1d3f34f8e7f4350e611bcd46efe22

                                              SHA512

                                              5f4d959eb098a9e5c965fcb357ee7ebf31f49fedeb49fe726456cf29bae4de280cf15279fe771e5ff4d614e55b2e0d12c0ff812165373ac79c265b401cb098aa

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              368B

                                              MD5

                                              f9936cd045f9f1401d795d1a09710702

                                              SHA1

                                              4eac7cdc83239575e94df24dec1fd13c35169f42

                                              SHA256

                                              a5e7109bbdbac7f51b332631cdcd9a2cfe62f957da67f79f8d80b0db1206d12b

                                              SHA512

                                              70a39225b77b597107042d908ac9ea57d3e13a723686401911a905f7d058a09893522fdc6b864ddfd24d6a5b65023a33951382f19add242d9cf3d81952ac68b8

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594c03.TMP
                                              Filesize

                                              370B

                                              MD5

                                              387d6c3f5abdc1b036ae13d705a4fb5c

                                              SHA1

                                              b30cb2cd90ceb0371c43dc1ca3d3d73cae02f416

                                              SHA256

                                              6ff4b2a80c145e3ae18bbf4aad0fe24f7e47a2a7c71a6b99c8a416d9708b9a9e

                                              SHA512

                                              1912e7eff2ad60e774706f3e0370674b4c7af96ac4f023e8c24fb591a53bd195e05f5a60ed028e34529ba7809a51518b509542b77f78febd52faf9d6d7d2069e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              6752a1d65b201c13b62ea44016eb221f

                                              SHA1

                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                              SHA256

                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                              SHA512

                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              1ae4934e5878847604fc37cf0abe1b54

                                              SHA1

                                              ae9b4eb7f5fb2d788b5be7a64ceb681bec730831

                                              SHA256

                                              da4426db6bdf497f87658dc897224defc6b901018429042d50c5a898e1fdab0e

                                              SHA512

                                              4735c816250dc1bd8aee17325220c29322c740a257420ce0b65ba174985c7d53f6813b4e3ab9735832e93e780670c335f55ff6966552d8d942fe982f428519ba

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              10KB

                                              MD5

                                              5e7f07e057c7835b4a95f4c860122667

                                              SHA1

                                              1a02c9301615b5459ac2088c3db8fcc93ce53364

                                              SHA256

                                              9a03f89ac526e0c08dd3c098f5fea5aac36681d03a0c389fe14d091504f5840b

                                              SHA512

                                              87d0b3b4a4f486e429c598a527b63c0cc31af67746bf8191bb5b03350f285ea116c93f39647ab3f2357af4eaab222ef4e62aba6531336031cc15d46fbfdb872c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              10KB

                                              MD5

                                              8237a84005e69bb70e422aec474b7d14

                                              SHA1

                                              553445cde07252fead9174da899b8aa51dd7bfca

                                              SHA256

                                              e5f5971bee0587108378bc6a196ddbec20cc147f21457c8eb7024f0f3ad6e28f

                                              SHA512

                                              8a194f028b372d842bbcb07245f58e622d7db7eae77cebf1ff0e87eece4e0f5bed6429db8d000ab9c179371556ccb42c1ae9323fd93a25c69c178c62fbb2295a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              8f66158e5085e3a91e03abbb3b2c5f3b

                                              SHA1

                                              63dc30fe1d476b9bcfe2ef94c71262e280256f1c

                                              SHA256

                                              7a36e856a648e3e7fd564cc0bb763c9c5dd8115411be1385a45373074830b90c

                                              SHA512

                                              a8522a98e171226261b45b9ec3d915dac679bd83928c76fc222383865823bb1f63073e5411e3c7eb25497c213d28c773d8c929a55ec4211bc27a7b4328bd58da

                                              Download Submit

                                            • C:\Users\Admin\AppData\Roaming\MyData\DataLogs.conf
                                              Filesize

                                              8B

                                              MD5

                                              cf759e4c5f14fe3eec41b87ed756cea8

                                              SHA1

                                              c27c796bb3c2fac929359563676f4ba1ffada1f5

                                              SHA256

                                              c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761

                                              SHA512

                                              c7f832aee13a5eb36d145f35d4464374a9e12fa2017f3c2257442d67483b35a55eccae7f7729243350125b37033e075efbc2303839fd86b81b9b4dca3626953b

                                              Download Submit

                                            • C:\Users\Admin\Downloads\Client.rar
                                              Filesize

                                              32KB

                                              MD5

                                              d54455a8f3e6b1d6020e12e74b037340

                                              SHA1

                                              cb4aafeb4da77796424896afd0fca562097877d6

                                              SHA256

                                              a6af582ca770cdfae6b24a6c3fe631177f90a3861a9d0f1992b3fcc7a2a10ec2

                                              SHA512

                                              98f1cdf60445d346592b0d2d7468f09ae06d1ad81a00cd415e490c070363877d18e7670693419c9930bbcdacaf6ff6e2a3c3d74f753a5e2a44b0538d90b8cc8d

                                              Download Submit

                                            • C:\Users\Admin\Downloads\Client\Client.exe
                                              Filesize

                                              74KB

                                              MD5

                                              b2d7d7e799eb73c989ce98d52e453853

                                              SHA1

                                              5f4ae9ba20efac787b3a0a2b068491e036c89f3e

                                              SHA256

                                              28d3c9835ae79a4f715a7fd6cc5a6610344ee842476cde6806165f1ad19262bc

                                              SHA512

                                              21000599ab0f41ad43a8cfc2c4c294b7cc16391c69cfcbe01350400b8f13016d1c68a8172f0d6468061c4e9cffcd220d50852913a11070353caa6a23a5982d85

                                              Download Submit

                                            • \??\pipe\LOCAL\crashpad_2564_IYCLKPQNSPBCGVBF
                                              MD5

                                              d41d8cd98f00b204e9800998ecf8427e

                                              SHA1

                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                              SHA256

                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                              SHA512

                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                              Download Submit

                                            • memory/228-125-0x0000000000910000-0x0000000000928000-memory.dmp

                                              Filesize

                                              96KB

                                              Download

                                            • memory/228-311-0x000000001B5B0000-0x000000001B5BE000-memory.dmp

                                              Filesize

                                              56KB

                                              Download

                                            • memory/228-217-0x0000000000FD0000-0x0000000000FEE000-memory.dmp

                                              Filesize

                                              120KB

                                              Download

                                            • memory/228-216-0x0000000000FA0000-0x0000000000FAE000-memory.dmp

                                              Filesize

                                              56KB

                                              Download

                                            • memory/228-215-0x0000000001020000-0x0000000001096000-memory.dmp

                                              Filesize

                                              472KB

                                              Download

                                            • memory/228-348-0x000000001C820000-0x000000001C830000-memory.dmp

                                              Filesize

                                              64KB

                                              Download