Analysis Overview
Threat Level: Likely malicious
The file https://filedm.com/9SPZz was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Probable phishing domain
Subvert Trust Controls: Mark-of-the-Web Bypass
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Enumerates system info in registry
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Opens file in notepad (likely ransom note)
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 00:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 00:06
Reported
2024-11-14 00:17
Platform
win11-20241007-en
Max time kernel
615s
Max time network
620s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Release\Release\atlantis.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Release\Release\atlantis.exe | N/A |
Probable phishing domain
| Description | Indicator | Process | Target |
| HTTP URL | https://gateway.platoboost.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8e22c78aad7376fb | N/A | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Opera GXStable | C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Release.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Release (1).rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Release (2).rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Release (3).rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Release (4).rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 413304.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Release\Release\atlantis.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://filedm.com/9SPZz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa3c4a3cb8,0x7ffa3c4a3cc8,0x7ffa3c4a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,8817495070008240938,1565384140111756146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe
"C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa3c4a3cb8,0x7ffa3c4a3cc8,0x7ffa3c4a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5712 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release\" -ad -an -ai#7zMap1539:76:7zEvent18636
C:\Users\Admin\Downloads\Release\Release\atlantis.exe
"C:\Users\Admin\Downloads\Release\Release\atlantis.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5528 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8237642375500603916,14911270100040565519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa3c4a3cb8,0x7ffa3c4a3cc8,0x7ffa3c4a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,16900477807969685591,3701799092594441465,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4136 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 172.67.195.231:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | 231.195.67.172.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 104.21.65.91:443 | getfilenow.com | tcp |
| US | 104.21.65.91:443 | getfilenow.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 172.67.195.231:443 | filedm.com | tcp |
| FR | 52.222.201.92:443 | dpd.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| US | 104.26.5.28:443 | gateway.platoboost.com | tcp |
| US | 104.26.5.28:443 | gateway.platoboost.com | tcp |
| US | 104.26.5.28:443 | gateway.platoboost.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.26.5.28:443 | gateway.platoboost.com | tcp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 46e6ad711a84b5dc7b30b75297d64875 |
| SHA1 | 8ca343bfab1e2c04e67b9b16b8e06ba463b4f485 |
| SHA256 | 77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f |
| SHA512 | 8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e |
\??\pipe\LOCAL\crashpad_1560_UDBJPDNDLFPTFWQG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fdee96b970080ef7f5bfa5964075575e |
| SHA1 | 2c821998dc2674d291bfa83a4df46814f0c29ab4 |
| SHA256 | a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0 |
| SHA512 | 20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a5f1c2c12330facd9ee0aefb164f2aa4 |
| SHA1 | 4f381a32a78576d93f744df05adeba7a37b9bcb0 |
| SHA256 | 1f090ebf60b2043ffc0d2d1c427ef62bcf7af60985217dedf56543f2909f7034 |
| SHA512 | e07700de5a7d1f6fae308d89398177dc6b1701c8c1684f6c1d2462c56f75c9a9af31780c1f9372ce3cb7a15a9f857f830ca4fddd7c424d36f797ed82b4298bdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b2d8399116031c44d1a6f258a731d792 |
| SHA1 | 9c8463c2f46fa45b34e3ba023622fbac001cfc63 |
| SHA256 | 060b608e6a2a980143f561f144f89a2cb7bcc1a4e8ba3f2a3112a25bc47a166c |
| SHA512 | cef2e07f65d94404489885f52c14bcebbdfb91a12fddc7d2c9b956e791a3d04d6dd8a6d7cf2a10147d223868083395b5796fda2f4f89b5ffef398d00c94dcc12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fb6d7295681d4f42c51f5bfb686567a5 |
| SHA1 | 8079bff795739254a46501685a30a695ba9adb74 |
| SHA256 | abb534662a196122f228f21eac71fc8174444ea35783a54b7f04c055bc236fec |
| SHA512 | a73d91545d27021623a221f740ee690359569696f25d8a5e2bca99abebec29f8a42cc7e8b93ad1833fbef24166613639f96c4cac97bb91240c483af8f13917d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8354aa79472bde959b0a00ea9df008db |
| SHA1 | f086ee7d41045a6b22ebc74e77613dfb88ca6849 |
| SHA256 | 09e794a4b6a0008c28f325cb0b4b46b0f72eb30cf3e1279a7db9432836d536b0 |
| SHA512 | 26e8be8e75e07276e61a625a24ebc372d5a6e0d9361698ea9901071eecb73d3c9d9ba52bf1c3d59a74c44fca8679e0ac2e557a3dd24dff73a414646f35af2105 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 602461d424fef7fad9d4721cee072e45 |
| SHA1 | 9ff4fa2c81f42eced3d0f39d949c8c202c204d15 |
| SHA256 | 748953bb00471a31ec3d29a1772e5ec35c34cc8091e9640672e38aa9cffea5dd |
| SHA512 | f28ca2c4e8d935d214cf827f44460bcf0c7acf58280315753c0b3f7b1a8351666ac3d3a84d274e74dd79f764b29231aadc8866e5669b2a7c7fb7b772b2c6fe7d |
C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\Downloads\Atlantis Exploit_54282224.exe
| MD5 | 15d1c495ff66bf7cea8a6d14bfdf0a20 |
| SHA1 | 942814521fa406a225522f208ac67f90dbde0ae7 |
| SHA256 | 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42 |
| SHA512 | 063169f22108ac97a3ccb6f8e97380b1e48eef7a07b8fb20870b9bd5f03d7279d3fb10a69c09868beb4a1672ebe826198ae2d0ea81df4d29f9a288ea4f2b98d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | af2a3dccc208ecdb839bf3bce3b641ba |
| SHA1 | 2dd0d04234e66bc7a0537c069b7e802c55f39ea6 |
| SHA256 | 31afcde390de73e83399ce530afd5760b8148d9027969bdb17e4e39b475bf981 |
| SHA512 | db6469762137a8ac902d1ec9ea845cbdedc2c18146726ab4c0b245a638512c886f4dfda48100d1a284fadf5485208324916c8e1f512607fe4b91beed82404941 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 36806d7e0e3a1ff2dee167d2ae0fb64d |
| SHA1 | 9c1ef00ff650a27ccef2da8c1471587f4a541425 |
| SHA256 | e6f5c35a9ad0cb8a6b162a5e32eb965e2324e53303184dfa8878d042d056023e |
| SHA512 | 9d9f8fe2c1299bc98b12bdfef9e9da12031c214d60c8ae3e378db1a771f1767d4b998be5cf70a47613d171ead752a9e4ce30487f49796c8df1f93e518e9c83b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0ca8b5e6b4442fa2c3c99f06ba45a2f1 |
| SHA1 | f53fddfbe7200845492ad18407d869ce41d47f6a |
| SHA256 | b7a7436ae08cbdfc8b930c2849e679efef4f86759b0c89af3e9980afeb4f0822 |
| SHA512 | b23f815c6f4e4e677a02da1030faa43b86323a5ee9438f8e4784328d7fe7b1fa4a9bd57138cc5a8dd39eacd9af75085ae77d721aeea3451591cd8743a9aa8935 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 951d40780db17adceca0bf0d51f32afd |
| SHA1 | 48ba22d7ceae35789167f9d2d1d2c825e9f184b3 |
| SHA256 | 9c66e4786c8c6d72fb2f6afdc835f928077a483a88bdde86871e1dd09302eb8a |
| SHA512 | 81d3af811f7cb4e6874e1db96c0169d2e1cb62b474bf29d8934971542940e8963bb50c1cf81b4f9c77178ec050fa28633b3a385821e877aaecc859309ce18820 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3101902dc9ca4d08743b24ce210a08c0 |
| SHA1 | d0690537b578e31339886f372362d2d78d75263d |
| SHA256 | b6727e7602a210c42a4a593bda05a282d0b8f26cb03578ca971ddf5c40ea8025 |
| SHA512 | 23cab60e609587b970db56bfad6387e27a30ef86d1b383fad63495fe4be4abc0dd07e5658f646ab6f0df0e1ab9832d04ae37406726c1d7346a1480a721181dd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376016423447550
| MD5 | 298a047fa3cd9176b392c7761c0e71d6 |
| SHA1 | ed48b2f0542351178f4e50f0310a10922ddb3d82 |
| SHA256 | b7450dda64a4df0b4b786096b1cfa7209d112d9cc6b124d09a9867766f8feee0 |
| SHA512 | e31fef29a25bdbcc94552261cc572dfbd91f94252b84b696089d4f18f08c04a091b1b7118fb5c6c722a8137362ce2b3ccccb989b113d6bdd7d7e298b7589f5d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | dbebc53055fbf8cbd0a0a982057fbfad |
| SHA1 | 470334e594d892f4257a7efb75c2455b37bbf915 |
| SHA256 | 98a3bf399b0016aeee8cccc97532efb467df185c030f938514ed36da207afb0b |
| SHA512 | 2f9f8017905982f34029c9cf9fefd422186bdfdfe41c82d8353456dea0242a952306671fa8f84f67718f5005422dacb47e335f02e5cc55bcff437b335730a4d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 21674dc931c63dab35647b634ce6f8bc |
| SHA1 | 3c71b70a6d8f8c81fa6849847a1b43a721702cdc |
| SHA256 | a24776c9a024e4e31980e1efa379fd8799fc15bfc55b3d0c88b22c1552a63a79 |
| SHA512 | d89b896255da53cd959ba26ac0d517ca0835c457c75d99573a6cd524fc5b22517bf2961cb939a918bf2dd894b591aced6d353e9dd87d2da9182a846e2e22ec32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 5df1a6bdf33d087a1b563223697c53d5 |
| SHA1 | 0929ea732c5af597169a4b9a3d115f23ce3f8d32 |
| SHA256 | e37951e5dc5d7b545cfe3b95b7dffe2c631cbbd4c4e5d27f2b8789063f7f8ec5 |
| SHA512 | ccdbebcb23ef6a6bfc0063db2d716130886b240bf27c50d638d0eb27785dce53452b486cc0d686eb68cff79913494868c0918fbbe13275c1d46ef53cfd175f5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 963cfea6afb598dd6db6bcef3c66aaad |
| SHA1 | b58f3331f4f3b19b6a9c9e776cbe1dc4e4e069f0 |
| SHA256 | 719a3151b6bb6be243411dc16546ca83b54690f14060fd1bbd05107b5818faae |
| SHA512 | 3bcd5b7278479346f0c7bd056583256db2663eb1b9df30ce66d01f7c61db9e667b5d53839ba92ec85cfbf99ab817780316b89b736e2db67126f2cae0343e6e52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 7e935f307442abac91962cd21f3a7389 |
| SHA1 | 5bd2bca5d905961f0265c52c4e2ac717fa1b554c |
| SHA256 | bb3d51fd7005a143906943f6520a3222593bbc1337c29f1c92eebd0fc5a4eff8 |
| SHA512 | 234942ae4b08e3d28ea445bf0e14d01587f2dca0391960443ca56cd6db61cbd6898a066da4ce6a83c81eb8277350217e2babce51fb7645bad9c4141dba95b442 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 5baa4315fde279ed538f7bff847db7ed |
| SHA1 | 364f7524023afb2ac93bcce85d91bb7714d48081 |
| SHA256 | e12e8b78a2e80fbd4105cfd9009d2990851ef6317db28693a3435664fa80a5b6 |
| SHA512 | 7a2edb9e1f342bfd46c8e963626fe32896be9991a20628c0b972a81934c4bbeb4833e75230688cb1b28832cf30ef5d306dd37e6d0efc7613d46b6a8913ef1112 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | b29bcf9cd0e55f93000b4bb265a9810b |
| SHA1 | e662b8c98bd5eced29495dbe2a8f1930e3f714b8 |
| SHA256 | f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4 |
| SHA512 | e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 4e19b1a76613b9364863ca8cebb7f985 |
| SHA1 | 09925158826289aa05d5a2f4562bab60523adf57 |
| SHA256 | cb242c2b646b4be08d1dffc03c1f15196bd7a03c8f862b336dfb27d1301cd793 |
| SHA512 | f66a8a85f5f29cc656ce1bfd0b13432d37002ef7055312d13856f3d6881e8c495fa73b04dcc943d12707ef83c65a026db80d2dfa3a924ec954d0174ba6870226 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | c7b4e8e220fa32f1dc1b2e3d5bf5921f |
| SHA1 | 7d266ee1f662730196a4c193fddeb9382e967b0b |
| SHA256 | 68175fd03b6f93333810949f4eb54c5dec7d9eb5e4f695cf4ef5eb7f9a8b0473 |
| SHA512 | 111ad5d024c3ccb05525c186f93af388b313a2d3049dfce61f2dd401e29c4bf2338abd0bba364ce926d00624864abf8e82da8db427f34df92907bd522e33517b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | e4ef4d861c83b1c3b927a1b4103d3b43 |
| SHA1 | e1c07c332d86ca79304e0030329e741959943f29 |
| SHA256 | 4b566fb1354c94d9744a6e514230acefee49802ba109fc10a77902d382617041 |
| SHA512 | 47fefe4efb3e077e147853b4148f32310a987d6d15cea6c3c9fb9d673d73a0ada7a0e9de9b86866fd01d7458425b12f9ee8acb6f7398d62b4aff2c8b2617aabf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fa32be72168cc055f34d36b994b7b733 |
| SHA1 | 0a18965cfab5297ee14ce0d1dbce0e4a12a0e73d |
| SHA256 | 73135d6c7855e9583ed3140a80c4d2d3b86274b26dae709e45764cc63496e594 |
| SHA512 | d26717a384495907520db0678825d099e758dcf920162a0502e1bd1a431656c8acc8a422e6d7afaa48387adaea309bd5f9268edcdfc096d407b42f58d9b2b8d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | a04b3c19e6770cce8241a2fdd84667bd |
| SHA1 | ea039d3080ec89abd52ca83e916455b5704fcfb2 |
| SHA256 | dce3c3a303741d65c9a54462e27a9959bdbcb2e370b599fc6316b1b410646c17 |
| SHA512 | 8dd7aa3794455b942d828a2caeca0b2ac8b315289fa31aee4c34d797995d2ef630292b893159cf5916d9bc43a793714e1d78f14226a4fc9793d96f23927b11c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 00de88f288a17663a922fd267f3e4a45 |
| SHA1 | 34cd50c50169cf48cd447bcd751f9635ac894196 |
| SHA256 | 5b2244028924c17e8f193d272d891b8007e1488226496c9321f27465ebee19ef |
| SHA512 | 8775804f9826ecdf8047a6c9e509573a853cc7ef149bb10d23907b0e276bf5c2bb14e388588966260de303a41c7f50a593767c4151fcfd8a795f010271941089 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 41ff77e334e62a1d1958bbd087f0b449 |
| SHA1 | 6772cb36f0e3bfaa7d666b33d722518ca204f238 |
| SHA256 | 47875cd22473ca9eca248e26498b434a2180e2dcadd1e5dcec53d56f4a51467a |
| SHA512 | 7a89c447cfff3f198a0865accf1984656e4686a02834a8a543e31005b2705c7b85b8336176891cec522a07902b7f0bd7645e1f4fe0e30577f35d7852bb0080d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | c8b8569e84a8f89042fb64d86b2c6005 |
| SHA1 | fae3c451b4b4c94eaa283294c8d4c02b33add3b3 |
| SHA256 | 49b102de23daddbe0d047f41374c0cd136e0c8384939362748d429a2a21de663 |
| SHA512 | 395b4b3402450f604b7cdd11dc591cf71d9541d4fd094fb7516172b20c40d5a4c8b4f6aeb3e70da9a9c034ab5fa1f00573b095f68c49270b4a28288997e75241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | d1aed455d2e58fd26b0fbba5ea354e20 |
| SHA1 | 4e5144d5a48907eeefd53ca7f2c3193ef5726213 |
| SHA256 | c11fcc428150911aca57647875c2b060b61914bb511a9a51d43e54efd52aee2c |
| SHA512 | 3d6076d854aa7227dcce920b47412c1624ef84d2ce502be4c938d6823cae94c53dc83bd0b55439febee5dfad05ae630fe124f5bf1309372f9bc5c81308cc5016 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal
| MD5 | 9d8e3e00a10c8da555eddfd6c8f85e09 |
| SHA1 | f250e3036d8c395866a71d899c1a79d8c1e94ba3 |
| SHA256 | e251720efd8b5bfc449f805fe5d75ecb4452502bbc661b963c60dc31d4cfebef |
| SHA512 | 65d5013e00ddd890d8cfcafd390c782bc3f44ff7f3121777e34d01d203c761bf1262289eded199b611f8b4cae38e4bd551c326f4af87581f88fda2dbf4ceb4d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | becd443f2fc48162985910ce2bfd2ce1 |
| SHA1 | baca720fbcb09176d7c164b0f4ded0d5c6ecedd8 |
| SHA256 | 00c37c93029d4f50a2af417c0b460eb1ef36871a5dc092cc0495f80a62f54330 |
| SHA512 | 27762e73438e03f862607197e4325476bffe8b2bdff6ba40b2e3ed4c9b4f7bb15ebde1375a87ff2174fc39a57dcc9c073accc31edae3b065713121a9db320e35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 6153ae3a389cfba4b2fe34025943ec59 |
| SHA1 | c5762dbae34261a19ec867ffea81551757373785 |
| SHA256 | 93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61 |
| SHA512 | f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 91099deeac321d3a74427060fdf84991 |
| SHA1 | 82dc644cd45b0ffd8bb3aee222a9feb87b0bb10c |
| SHA256 | ac8119928c25e91fa0f7c6625d5a53f0ee6a741adf44a5b00849c0a96cc785b4 |
| SHA512 | fe350c43e2c5753b5c5b2679a4fd6dac3512730c13d9e37acc0f5b118ff7fb1e2fdcae20b1d45b137ee588191e94e3d1921a198b904cee830e0980065575200b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | b25364c8427771f546a40c8da5dfec87 |
| SHA1 | 4b4d619b8b7d68e220588475bc4d514872656784 |
| SHA256 | a4247eb5fa17174b9bf8ab7dc3d459e7a089b4c826b6df13383e0992c83ca1bf |
| SHA512 | d65be1338b482d812af606e9ca655e3473906670645c223231a978b455522438ae880884240da06401adff339406ceef4ccd38ade7c59c83761ce07721fff723 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 267b8799a2a35c301970878b94b99944 |
| SHA1 | e8dd777e2de9f69a014eac248d812cfd2ec2cf2d |
| SHA256 | c4084c33aeab72dfff2f413c33ded673e6f911b28a5e3aad64483d7d2f4803b2 |
| SHA512 | 1c3a5cfba032ed089d46d1de51c9ea3bef2a7f2d69df12c5453d820ed38c79ebaed81c1d2b858a5437d5c770092bef6bfef8f6de86fcbe16339fd4460ace985b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | dec9cecccc4b6c31a30cf32685b02d1d |
| SHA1 | 7f0bdc20ef6c26cb0d87880fbdd00dc41bd22dd6 |
| SHA256 | f633ba9ee89334fa20dc3a5901f0efd6bd37387807e5b0cfb47db0543f39daa0 |
| SHA512 | 3cb5344c459366f256992f153193697e60ce36b209b2f40495e257a54036c14d85783043d846a295deb7faf47bc466fede4eec7db32ea4d096c63bfaac0aa8fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 9a6dc70a8cfc647a3d45cde21cbeaadc |
| SHA1 | a45d9deb062da784c65601efa9fedf47d5e76041 |
| SHA256 | 90826de990009adea2d30ac5c77276520f70304ed5a623f42c87bf2ef38597aa |
| SHA512 | bd32ec9724d56fcc5d2f7b927b0409c8d552ab102c82b1519cd1ff876b095a5a85716391ba4f9d1824e3923c094da59e815ecdc80060bcd2a78b010127067846 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 18cea9e5e391e3fc6b5fecdbe9a3dabc |
| SHA1 | 2f2b3cb931be52f23a6672a0cd611fb629c7e95a |
| SHA256 | 88b29b66e237f54b0ad06bd4bb689244b00efc5ba96bcdb6020b9dd23fd92eab |
| SHA512 | e446c328b8cfe22f1609abe3e713054a123e1c1b41fae61356c4f885ec423495ee772336387b9ff30c062ce07810ec14e01c4cba7aaca439a287decc5fbaa858 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
| MD5 | 7e86d5c1bf2ff36b15bfbd8fcf748b16 |
| SHA1 | 59a1515ddff8caec85c4f27ffb17b69a42ec6226 |
| SHA256 | 82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856 |
| SHA512 | 943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
| MD5 | 2a029687e73114ebcb4fad10c0114e8a |
| SHA1 | f09cbbed46b9f8c731568bdcee13024e89bda397 |
| SHA256 | fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b |
| SHA512 | 211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 155a593b34285df22ff3a6d4915e2f7c |
| SHA1 | ee18236f2985673be362a60d1e1aecc18f708326 |
| SHA256 | 67bd6fe50c6be4c2cda13c935cc9a82113ad13ad9b7a952ae5e2c07077f0619c |
| SHA512 | c94102140ab9904a3900544442b8c44f612721f0ccc78a014e0b73aea2e89ea2572c917102e80d587d334a98656e78e5ed1a086e91913222b51ff067924c8d79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | eb24276b711146788ad061b43de7c618 |
| SHA1 | bd2c04f9c37a3da700095b87a33344d29d735a88 |
| SHA256 | c2eec8424e320498cc0cf37e44efb176b28212c727af62bf21140277119b2e67 |
| SHA512 | 839cef0ca10331160ff65358aa703cc34c9c7795c5012664a704d7a22bb802d6c282906d26d343b732525971c75a73d8a830401c53061a521030342978572a27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | dd9a5e70831b52424947137535aaf3c8 |
| SHA1 | 82d5c6b441668c8e4b5cc33d3d05f7652b7cdc38 |
| SHA256 | cf3452241f396cecaee6f07c86b3d1185f81f60ca283a68f8a950374b103cb53 |
| SHA512 | 3ffd17bd78b6da6d59b1eb90e77a89f96e0d4b18f37c0a78bbb34d2c2fe38db8c17533121a428698e1f2745a153a8d779f231217b8b9418f25e681ac8f15352a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | daaafa3a6308d4b42292499867d7fc15 |
| SHA1 | 5af30a1f0ed1788e8a057f7633e46c1a1c9d7b03 |
| SHA256 | afdaf9e5649447b79938b4bd23a285a919c94e86508677fe00d23c679e3c7015 |
| SHA512 | ee4649fadcdba063dde3b6111aa5764838e608a06e88128987b09fc14f0fb46384958bacb2b7f6bd4e072d90fcd29ce3f63579ed7b9fa05a4ca625f94a03325e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
| MD5 | 962c0dfc0ba5ad10d7343b86fc6b2265 |
| SHA1 | a349f8d8b86893b722e234b456f74d40766beeea |
| SHA256 | 8d6f0885a2c285dd42b3aac6cb64dda0980a98f0481990b9674a6312d95bfab2 |
| SHA512 | 8ec757998c7af9e07dd18eee99587e4d9a1f045631b37c18e3f9fd67dfcf7336b011e6448fa6da68389c0d05564ef80de3857f0719b1ac925f078836c1c0b48f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376016423197550
| MD5 | 3187d14630924a80c98047889b4b2cbe |
| SHA1 | 0f9570bf15d8131eeb665343da55655d48b69630 |
| SHA256 | 2d344004c9f36dc61e210d3efbc6b4c5cc369c0001b0723544246ba3c8e9970f |
| SHA512 | 1706ac99f4c8206d4418e4723e0a03916dd5ace47ac716ba563800ad87396c7f13d24f33670b073946f17cf3ad2b0e33e2f983685f15dd773fe5df6b375c3a5c |
C:\Users\Admin\Downloads\Release.rar:Zone.Identifier
| MD5 | 1f127e5d82bd4fb42a09e7223361b22f |
| SHA1 | 342c535c607a1dce11891c644cd2abfbb21d3918 |
| SHA256 | f5a57bab5e99f1536073f4031ca801315579a289274777d82f5edffedcce14e1 |
| SHA512 | 730a5873017d501b45122943e985cd64bb88b261c12075c76f86f35b1978e7bd06276a35e99f75e4fc2e18ad3576486ca69fc4cd10576421903979e5b19177bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d283cb1a4cce1945348f6c47d2277998 |
| SHA1 | e53d8668b0a62933bfd63a2b307153e5bb1684f7 |
| SHA256 | 94e3770ae4b844d0ce04d2095abc005165886fd1dbfa25899f01aff41c622d44 |
| SHA512 | 509efac8fcd9f3414875ea9a6ffc4fe5fce50094846124354e213595b95cc416c3c41c05f9b90b24154795e8ea17a69fcc0bcaa0733fe1ed8f3615f6285ae717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9b83acb94deff18fa4fe855f0f1f0476 |
| SHA1 | ea73e1ac87473b55ce7bc79fb45eefb05535f067 |
| SHA256 | de5cd88e457f084a22c9bc6181192400ddd5589d88583a7a7ce6a663ae0fbe7a |
| SHA512 | 453eb033a8d038120bbbdcfa5eb65bad4b9bd116fd48fa5a7abad3dadece67c5ed16af9d8d4fe9ddba67d12824c124b232b73e36587c98e40f6dfc9e19b21862 |
memory/1188-438-0x0000019819620000-0x000001981962A000-memory.dmp
memory/1188-439-0x0000019835D10000-0x0000019835D26000-memory.dmp
memory/1188-440-0x0000019835DD0000-0x0000019835E70000-memory.dmp
memory/1188-441-0x0000019835DB0000-0x0000019835DBA000-memory.dmp
memory/1188-442-0x0000019835FC0000-0x0000019835FC8000-memory.dmp
memory/1188-443-0x0000019836000000-0x0000019836026000-memory.dmp
memory/1188-444-0x0000019836030000-0x0000019836046000-memory.dmp
memory/1188-445-0x0000019835FD0000-0x0000019835FDA000-memory.dmp
memory/1188-446-0x0000019835DC0000-0x0000019835DCA000-memory.dmp
memory/1188-447-0x0000019835FE0000-0x0000019835FE8000-memory.dmp
memory/1188-448-0x0000019836270000-0x000001983628E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 477cf89098e341fc80b9333eb11b3434 |
| SHA1 | bf287802521e402fefb56acb965ac504c8e75b7c |
| SHA256 | cf231a6dcc333af3396f10f091cf6ad505f74e2112cb47de5be8206f9fec7b21 |
| SHA512 | 371fb63329828cb7b74422b63ea83bb4fc051a7895112b21750c8efa56df57abc56f4c73f60c19aa1c5d870c6bed7c1d9c67ca5547e5f316c54da765325cbd6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5dfa6e77b003617a4951f073af4bef3a |
| SHA1 | 71c566194ba3845b5871e4d4e332b224497f4e27 |
| SHA256 | a67c9454fb64d8a6c3ec372da2987a91d01188cf3dc6368c9b2fda659f6f67b1 |
| SHA512 | 7c78388e3c5622ab3a891a4aecba3f008d316f54365bbbdd214456130c9eabad37be3a83adbefb9509a39ba91a7f2618e128f7ec9722e8ff99efe21a780ee5dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7991947f3420385c67039acb8b9898ac |
| SHA1 | 9ebc6cf0f1194d9e2989a4ea8a992e86d01d1d98 |
| SHA256 | 956f651ec1565aa40f5c90ee878fe9a5c6666630057c191b27d92eb192b72f14 |
| SHA512 | cd5da7ccf81ae83c534447a04d94cf0a43e31f69488c4f2691184a9b28411d2709c3cedd84bacc8606f3d9c658d7697f890e35ce740c29b1b9ded4d4f7a101b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | afe9e64d91ed08b77c94d790770f8ab0 |
| SHA1 | a682650f60f6350e6c3234cf90950a9649edd614 |
| SHA256 | 94160272d44d522906e8a15656e585fd030302675e8fe6c8edc11cbf004d1859 |
| SHA512 | acb925f89d9e66045f7a0e6b142e37fe691c9d4b86e3e3391f5c03f981da03dc10e6b8b69bb3502f95c4b594b3cc3720d38cc322c7fc6541de728c269b20f732 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0ac5700eb962ad16f6c4f9bdba4c472b |
| SHA1 | 699608fd87c615fa2fd9257bb8c8129b150943ca |
| SHA256 | 6dab0e2d2609feb160e87d94adf2a5645592e7cac8907432b362027dc2911c54 |
| SHA512 | d86f4070207bfa30e9c4d8d4c38d0a8c0977ee1071890f23263289d796dfbd03ca4befc98c34fb69a6b8b356434b5894ad7e76379ecbc9a4e1c69a1d87752d6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a3085b7b03e86bcccc25229faa67ae24 |
| SHA1 | db9849f27198a7e88aaca1f7c690aa85b4a896c7 |
| SHA256 | 21a0e2a566d2b95c496c29c9f35a4ace6b083948e0b6c25a8fa77756dcdae5c0 |
| SHA512 | 2ef5fa5fcd76649b99f2edc4516dd6dfbed512510568e0ecdd05ce32cd83aa3e3afad177257bc3b0c2dceeb156b4ab71509ffb7e624bc5703453455e06d9ac9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 2f1f940376eb0a1f0c8d5ffc1b950a6d |
| SHA1 | 2d217d8e33efff54171b66709dfebf9dfd6aa6f3 |
| SHA256 | 2a6e1e5f99c8e30e9b8ab07b21db78fd2bc07bc6e9ccaf39bb2428d9e1d427a2 |
| SHA512 | 0884928d4f17b0705c54d41f57b926eaf746891134c3424562c63b8c4caf4927db6a683262b8421148f147fea58f9d38953a73691c8d2d8966943e01e4c44ce5 |
memory/1188-676-0x00000198346A0000-0x00000198346EE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3c04a920-d8d6-493c-b6b1-92ff8d965dbf.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\Downloads\Unconfirmed 875571.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State