Analysis Overview
Threat Level: Shows suspicious behavior
The file https://mega.nz/folder/02dBGZiQ#8BKNCHdKg8CYTETbbmhRkg was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-29 22:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-29 22:19
Reported
2024-12-29 22:21
Platform
win11-20241007-en
Max time kernel
142s
Max time network
133s
Command Line
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Browser Information Discovery
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\xera.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\xera\xera\xerav1.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/folder/02dBGZiQ#8BKNCHdKg8CYTETbbmhRkg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc06ee3cb8,0x7ffc06ee3cc8,0x7ffc06ee3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5252 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004F0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\xera\xera\xerav1.exe
"C:\Users\Admin\Downloads\xera\xera\xerav1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/TzsNVCW2Nw
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc06ee3cb8,0x7ffc06ee3cc8,0x7ffc06ee3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 89.44.169.134:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.134:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 86.49.80.91.in-addr.arpa | udp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.169.134:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| SE | 69.30.89.32:443 | gfs240n122.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.32:443 | gfs240n122.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.32:443 | gfs240n122.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.32:443 | gfs240n122.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.89:443 | gfs208n179.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.89:443 | gfs208n179.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.89:443 | gfs208n179.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.89:443 | gfs208n179.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.89:443 | gfs208n179.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.89:443 | gfs208n179.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.37:443 | gfs208n127.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.37:443 | gfs208n127.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.37:443 | gfs208n127.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.37:443 | gfs208n127.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.79:443 | gfs262n369.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.79:443 | gfs262n369.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.79:443 | gfs262n369.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.79:443 | gfs262n369.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.79:443 | gfs262n369.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.79:443 | gfs262n369.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.37:443 | gfs208n127.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.37:443 | gfs208n127.userstorage.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
Files
| SHA256 | 42684c2d2644b61a28cd287cb0bc7dc538f1a208f7b79b7a367724edf3ab2144 |
| SHA512 | fba2e83a193ff24efaf15201d09f028156100a058ce478f588f81a223e09b1329180545e36d731833fdbccfa6c3c4462026bf2b6bb695cdaaa0ef24144405b95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
| MD5 | a3c3f30109d9cf693621cf663018f88c |
| SHA1 | 5e583496237ed83230b7c83462c7061f288f6462 |
| SHA256 | c5f07e21163fc7eb62267eff75585c228353bd039cc8c3e5e981fff96d9d86e8 |
| SHA512 | 32cba36bf3c3c25b6618a15bdf057c9db856f1c6ba292b233cc2a7a87fed3d170609c546bf07474bf9eecd6cb3c24dd9de06a9390db63f4354b8152f83c1ad3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
| MD5 | 7e86d5c1bf2ff36b15bfbd8fcf748b16 |
| SHA1 | 59a1515ddff8caec85c4f27ffb17b69a42ec6226 |
| SHA256 | 82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856 |
| SHA512 | 943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
| MD5 | 2a029687e73114ebcb4fad10c0114e8a |
| SHA1 | f09cbbed46b9f8c731568bdcee13024e89bda397 |
| SHA256 | fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b |
| SHA512 | 211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 371acbc285b49822148df22b8a2cab3a |
| SHA1 | 505297dc85b5259977f05b653d7a80235bfd89ac |
| SHA256 | 1d77b2b5f17f5e215971200dfd6434931a520207b83875b1d7f3d0e584efa10d |
| SHA512 | 966e2201e084cc433480909d2f741f9ae48b10f38b8a1fc7db072d8e36a8f9c80c4093f36abc8d6de7965ea845692b1a8d310bd1af705f09341d6fcdc985151b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | a98076a8742f552421fa1a698d5c1aa9 |
| SHA1 | 9943f40de1a9058f79153486b7336351d0d7b769 |
| SHA256 | cef9a522cc7b6554ec85f788684d1417dae2a4f3c5448f35ed4f3132ba18d36d |
| SHA512 | 8edfafa5d4f0d2bb5a105fdc8b8b42f2705bd4b17fc733f5d4b072c32798e92ca2e05763fbd105cd8f12fb62db20af45e1b6e09cbce200f20aea54211553fa51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | f7f672170f817b98fd1b4c2d728bf4b6 |
| SHA1 | eefb6a62d115936976cdf891c3d3df3488353593 |
| SHA256 | 769a79a90804a1ed37f0dc6cbda09d470f0d395f5b4f6c7e636b987a34f2545b |
| SHA512 | f024927c2b541f5c515573acc698caa6b6568ffc7adf3972c03a96bb75b0dd916fdbd2c4439cf1f91951040f15674cb5d283eb19480bb8daf44b8f4179bcfd66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 88f59b67373ce6faeeb618de325eea99 |
| SHA1 | 045687e066c93fa5b368a3c230779b1ac06826e7 |
| SHA256 | b85da6d538d80c0fd0f552e435bcf341e4b49d6d6ba4d9691d0b6f927e56b4c0 |
| SHA512 | bdb0950eeeb64788f5a397359c3e84636b510c51b76deabc8f575e29ce4412c2e009acb127c9ffe226df25e9cb05759eb1ecf4d3c33ea422ba62ab532404798c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ae2081642a4af49e42cf7afdf5924a03 |
| SHA1 | 1730dda4057e2fe145665c19198a7e812a45b41e |
| SHA256 | 3ec5011fbb542af1332d867677032e6ca2da9cf4a9ee1fa641a567b96282e686 |
| SHA512 | 2e2b8420a97bcd268cc23940757dc2084ea4f202978de9918d98b7bb57778f3ab3275bf3d3b3cda58bab12c42b87f1a614ec568cf00af2bf23a2e20a475e9283 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 5ea7216032f1458c3be76c139f2ad2ad |
| SHA1 | 9a1bc5d247ea3068a16a9d43e8a588c26369b27b |
| SHA256 | eabab0ee01f3cdb4759f9ff2e77afbee7c175e3244040fecf36f95009e0aa76a |
| SHA512 | bd0bde94cef0ad9823a470c391a4fb336fb3ef59f59638dad4f1293402489be570df1a48daf98a56e032f84ff29b59aa1e26e78f36109f2d0ab3b2ea45c0f6e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | cbbbc7d124422e9d4f01cd5d60d375f2 |
| SHA1 | 95773ed618cd2bce247380ebca39a43f6de1279d |
| SHA256 | 04689bd146ba13ab074d1d0dcf0502f9210140ca573729dba506bc30b2bbe52a |
| SHA512 | f36809389d9a627b9adbc63a44d6007a0f277ee9be82d6a6beadc407f6e23cb450454cf20aeac9d14f621a5d4bf0cc45352312d1de2d38b615d977eac743d528 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 55fa2e1e7bbab2177cc3ae15e9639f75 |
| SHA1 | af9671a320f1d269feb45f5952058db4efc4bb4f |
| SHA256 | c10535dde8b5b26fa941b518dd4092ee11cfe5b1a705f516d6f146815b8b8d78 |
| SHA512 | 30bf2c2384cc5fc0a7bbea991da728a6a85668d9166e535f03ec426c5a3bcc55fa1daaae9b5bf26d93bfcfb45549f18495442a9961948c45bef528da7e07fa30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 9565600639fdca3110b711a64b6c0f8b |
| SHA1 | f6a1c1384ce83dbdce0b27c3cb3a104eca3adff9 |
| SHA256 | 59ed66a3a27ae4b5a5366f7736195dbbcba4dd4d8f7b9dc1cd17d9bcbc112916 |
| SHA512 | 22c09e7f1894c24a952222734a069a80c53d5cefce97271c3413ed6d5fcfcbcaf7324b3d5f6f0ba9db55d9b53735ad9f6a365b68a17c6debb90e04acf3f3dc55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | eaa8e2c251f108d4b8dee1995707db7a |
| SHA1 | 264901adeff28012c9bd0eec8edafbb3dc7e3be5 |
| SHA256 | 8b07a402fab2f48227aa7705139f3c232bbc9db0f1763b93b353ee1b4ebede48 |
| SHA512 | c7436efb5b75cb1121e8f253cd513eb16a668bd66bfde009d1e84885f95adcade4862fc78af48e0f7c33b2c51e092e411756bfbb4ca3f39bfdb78f12eee9aa58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | f3d5f161dcc1a8bd405cf47d1802c52a |
| SHA1 | e762fe3cfcc82eae41fe27e1ec07c1a1ac7b4793 |
| SHA256 | b3c03567a32d663f814ffd6a68188709ac9fbee2f6c3a80cdb6e38e8b9e12d0e |
| SHA512 | 19460846ec942a7eae889dc6a54fea6160aaed65159a96d0bd29da7c7cec2a649e31cc39e8839ea5c8ab309046e6efe34665d764945232c7623f55fcddf5621f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 48e7900349f06e3bf146edb1ce110316 |
| SHA1 | 59c6ce65086807249669e6110951b7dbd5abf5e2 |
| SHA256 | ab8cb59bf238edf0f7b0b8ac89f709a74e9234589fa526df1c98d1ef33fab2c5 |
| SHA512 | 85beeae4744b1551f671b5d0e40b4d658b09ceb2d4679cd5cae636ffebcc7defbea171ebc1b4c6c37d1793220b414cb3c90028553171d5a9eb6827ab1763a1ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 3c000f6f9dc1ddaa10a24769a68bda68 |
| SHA1 | 338c348f56732e159893438ddbf0569b6830aea0 |
| SHA256 | ea59f5b3c8f5bf7405fcebd2f10112188e228f7ec950c7886498f1d1f27a293d |
| SHA512 | 790c0e2f21db577435b254c2384e1ca992c73fb5856b12dc03decb64515e7e3cb373d79391ee9a54532703351ad91cd2213c195eb8d60f95e7beae98557e0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 53809c5b10bc3702ddfcdb479402c551 |
| SHA1 | 0a8435aa6b64218b3e57feb7a70ae2cd523af8fd |
| SHA256 | 95b37fc311a59780baf9846248e8ca70cc706fbc2c794be945f3895f1aabf2b8 |
| SHA512 | 302a1fdff3371a2e2d77a0e9b524f2fd42356e83d6559c63ae40e9510eb693a6ac345639876e372943af28f04f2d644f84c64145611df360cfec6588f5d7942f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 4b3cfe3fb13bbcf4109ab7f2a3c3e0a9 |
| SHA1 | 415dc5bc2ff8997ec006f944c267304415b65c15 |
| SHA256 | c6009f41735e1107fe56b8c90e75e1a5c6f49c66365883eb8df1551e69263abe |
| SHA512 | ed832bee74a0c8d892071f45b539d9936e154d86327d757a7c9d7897caebceda75910d92167476a199a004fdb762ea9ce53444168738c54127be2ec868d3d790 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
| MD5 | 2b05993e25820ca6de46c3699dcd3749 |
| SHA1 | b9aac78da85afd7b018b095f38ddf2c4de3aa286 |
| SHA256 | 7907f8d2d1daaeaa14986a1d154f5150cf17b771e44ef2af6b38ed952c147c37 |
| SHA512 | bb1133cc2a4c1d33d1127c00c1b854c1a62414e4609e2c95d1184d44eb44e64184ea7fd1a88f8a5dc0a62ce7bea0af871b0bfdb270c6c5933871d682be265c69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
| MD5 | 4d208bf16374e0766605112cfd4e1503 |
| SHA1 | 8a58fd024e65e427ab897c0bddf3c32a72dbc77c |
| SHA256 | 86f7d81683ebd0536c044564b251a36fcca5194b316900dd37bc336e7cfe0296 |
| SHA512 | ce15088597809fbc562dc2fd4c5f99864418c6ad129b23604c1c7980f01a883caf8053db692af41dc751223df69eb8f55e5910510a7965c56f9f266a20c8a4bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | be88db4df74be0d3e44b6ec79b74e76e |
| SHA1 | def8756724d83001203333ca4333e4617b1715c4 |
| SHA256 | 81608f8ba170e3e6de780d4a9f8d00de2e192ac503e793210f4978a772044805 |
| SHA512 | 2d83378ddba21ab289249b3b6e7f80786f1ac101f15ff7cf3f21ea2bab703b3c9f57e22111101b7bf5c7d12417a383ba074de914167895b49ed558db0e490bde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 709129e159cf0f55c57884b1fd217b5d |
| SHA1 | c4a1ba04fb6711060ec30618a4b2a5222c045ef7 |
| SHA256 | d8f1e720fbcbb52ea51ece50674ad02d0dbd253dc281c1d31230812d646d4f4b |
| SHA512 | 728d2bb4fb4d75ddaf5358ff8eb0452df166c4a701c89409dae6eb147590e0ddf423ccd26f83d08834fb0b6c6a2c79b94518ea39ce67e3bb3e4520a695f1f81d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6e8790e3d936c5c5f44636da37f244d9 |
| SHA1 | 9208e0b61ace07599802bf7642e07aa0d6d4ba35 |
| SHA256 | af3e030b454b40d9a23f086aac4b56ed38509c26f12b38c2d81219fa9cbd1704 |
| SHA512 | dfe96c5d1199cf40b358dafd8d45422072f2d25a36b6cb828c3203e83c96f271243be0377f7729845450857a8f63879f54ab7cd6ba586efebe0cfa74934249dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2d67f869657ae13e6ec7ec18320c93e4 |
| SHA1 | 1304befa217b1e618c6f9632d5c66207a802a567 |
| SHA256 | 1a06a968a9eecedc3364ba56c4978530a38917dc0eedfa938d43ec4b2593ed02 |
| SHA512 | 906554a9f9943645d2a2650d23e741986aec998605bf93014520f9e38dac281d7166ea6d530b498e5cf039c33be78ec52e57fc9fa8e6c590c8e011226d907cee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 99a5aa8b6190d8b44fe263686eadfefd |
| SHA1 | 5722a144716dbd0c9f662f71e8446d75d65437e1 |
| SHA256 | 6dda5f876dc8478ed3b0c28e2378fecee5d0837927e21619d6474ba169740346 |
| SHA512 | 827e3e13ea5d2894567c398db7cd4e954cca2818633f74831c9f2de2b49a1505041ec23e2c866644a2e64ef16224c5f9917bc7ebd03c7210a1081e2ddde07b6a |