hxxps://vx-underground[.]org/Samples/Families/AgentTesla?view=grid

Resubmissions

20/03/2025, 10:23

250320-me9bdszyfs 7

20/03/2025, 10:19

20/03/2025, 09:58

20/03/2025, 08:24

20/03/2025, 08:16

20/03/2025, 08:11

20/03/2025, 08:06

Analysis

max time kernel
354s
max time network
352s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2025, 08:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vx-underground.org/Samples/Families/AgentTesla?view=grid

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1860	AteraAgent.exe

Loads dropped DLL 1 IoCs

pid	Process
2552	msedge.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\ffcd2127529093b63dbfc09a8f3ea7c52b91aba6b60a7132fbcb23aa0d41818d\ffcd2127529093b63dbfc09a8f3ea7c52b91aba6b60a7132fbcb23aa0d41818d	7zG.exe
File opened for modification	C:\Windows\system32\ffcd2127529093b63dbfc09a8f3ea7c52b91aba6b60a7132fbcb23aa0d41818d\ffcd2127529093b63dbfc09a8f3ea7c52b91aba6b60a7132fbcb23aa0d41818d	7zG.exe

Drops file in Program Files directory 33 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_797945281\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1094481207\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_192236181\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_192236181\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1853260289\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1853260289\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1853260289\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_797945281\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1965660498\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1630715766\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_192236181\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_797945281\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_292247372\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_292247372\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1965660498\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1094481207\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1853260289\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_192236181\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1965660498\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1094481207\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1630715766\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1630715766\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1965660498\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1094481207\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_292247372\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1094481207\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1094481207\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1853260289\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_429178183\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_429178183\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1965660498\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_429178183\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2552_192236181\crs.pb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869328339338776"	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{B7B5EA8D-8CF1-4F19-BCE3-83B8F9C50342}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2992	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeRestorePrivilege	2504	7zG.exe
Token: 35	2504	7zG.exe
Token: SeSecurityPrivilege	2504	7zG.exe
Token: SeSecurityPrivilege	2504	7zG.exe
Token: SeRestorePrivilege	5692	7zG.exe
Token: 35	5692	7zG.exe
Token: SeSecurityPrivilege	5692	7zG.exe
Token: SeSecurityPrivilege	5692	7zG.exe
Token: SeRestorePrivilege	2076	7zG.exe
Token: 35	2076	7zG.exe
Token: SeSecurityPrivilege	2076	7zG.exe
Token: SeSecurityPrivilege	2076	7zG.exe
Token: SeRestorePrivilege	4824	7zG.exe
Token: 35	4824	7zG.exe
Token: SeSecurityPrivilege	4824	7zG.exe
Token: SeSecurityPrivilege	4824	7zG.exe
Token: SeRestorePrivilege	2992	7zFM.exe
Token: 35	2992	7zFM.exe
Token: SeSecurityPrivilege	2992	7zFM.exe
Token: SeSecurityPrivilege	2992	7zFM.exe
Token: SeSecurityPrivilege	2992	7zFM.exe
Token: SeDebugPrivilege	1860	AteraAgent.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2504	7zG.exe
5692	7zG.exe
2076	7zG.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
4824	7zG.exe
2992	7zFM.exe
2992	7zFM.exe
2992	7zFM.exe
2992	7zFM.exe
2992	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3900	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 5516	2552	msedge.exe	85
PID 2552 wrote to memory of 5516	2552	msedge.exe	85
PID 2552 wrote to memory of 3108	2552	msedge.exe	86
PID 2552 wrote to memory of 3108	2552	msedge.exe	86
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1564	2552	msedge.exe	87
PID 2552 wrote to memory of 1700	2552	msedge.exe	88
PID 2552 wrote to memory of 1700	2552	msedge.exe	88
PID 2552 wrote to memory of 1700	2552	msedge.exe	88
PID 2552 wrote to memory of 1700	2552	msedge.exe	88
PID 2552 wrote to memory of 1700	2552	msedge.exe	88
PID 2552 wrote to memory of 1700	2552	msedge.exe	88
PID 2552 wrote to memory of 1700	2552	msedge.exe	88
PID 2552 wrote to memory of 1700	2552	msedge.exe	88
PID 2552 wrote to memory of 1700	2552	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://vx-underground.org/Samples/Families/AgentTesla?view=grid
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff98d19f208,0x7ff98d19f214,0x7ff98d19f220
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1796,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2284,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2596,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4988,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4832,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6180,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5124,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6448,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5376,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6884,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=3060 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=3060 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6412,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5472,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6216,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3632,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6392,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5856,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=5504,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4840,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=7052 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6980,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7092,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:8
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7108,i,16495595915570807966,79976108179781227,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4772

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3900

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4476

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ffcd2127529093b63dbfc09a8f3ea7c52b91aba6b60a7132fbcb23aa0d41818d\" -ad -an -ai#7zMap11785:188:7zEvent47
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2504

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ffcd2127529093b63dbfc09a8f3ea7c52b91aba6b60a7132fbcb23aa0d41818d\" -ad -an -ai#7zMap30962:188:7zEvent24292
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5692

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18196:188:7zEvent670
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2076

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap8510:188:7zEvent28297
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4824

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\44f4a65edf7ae3ce4fbc50b03bc034b27d699e7a17cbd130cac07d78ce171985.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2992

C:\Users\Admin\Downloads\AteraAgent.exe
"C:\Users\Admin\Downloads\AteraAgent.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1094481207\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1630715766\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1853260289\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2552_192236181\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1965660498\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2552_1965660498\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2552_292247372\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2552_429178183\manifest.json

Filesize
118B

MD5
1c86577f2cd4d32c2a66df8ea2688d85

SHA1
35a17132f6e9fa4cf9f7cfb307870eef46b697f7

SHA256
312e962260bb133a4c811348a75396477d2bc284701393137cbdad971317578c

SHA512
ab8583a6c1e0f34f937296d12b9c045c99a8d5eb61fb36e797940cb0bd65f952eb99cfcd44c56ae45d6d14ff330bde0bfbd9cf5c18fb8296bf68a64b38ef7594

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2552_797945281\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000004.log

Filesize
1.1MB

MD5
c79c3552e08fc8121bcce4ba15911861

SHA1
115fb31db96375a298df292f9809bac7f9c786f3

SHA256
7a9cd476bc50c7ee70dbf2eec39294104bae64770f72b14a21cc374d0cee0064

SHA512
1913c250613d4f36ca5cc881e95940de0057545003222e515b8c75faf0d3a33b883f62fc825a2f4602a578e7009c56de791add1758ae6aabe221586e02bc6f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
a85a8c46de7c2d467273132c1c946a0d

SHA1
6b9bbd5e880dce231ee4022429282aa0788f4ec4

SHA256
c8e73bc8750b6831e124844e093c16dec34112e4d678fc12f084f59d04923b47

SHA512
134f01d26b3790b5f536bffb4891239ab61e474d5f20b9e214d5946a1e70903698ef74da13c40c21187bc7d5620f38188856d76fa83bbab0188334d0f1674248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
7KB

MD5
bc2a488279e4a224bb20816497dad95a

SHA1
7b5e70f4e84460773cabb3439245429a1c4fe351

SHA256
ba9b4941afc12124a6e79547e37be1a29218f37eae2314de672a5c34c0317897

SHA512
0dd4a01d1979169a8720671e4edb710f3bb8e6e2c2c7722e31891302d20a66f86f66e6b50968c409fc0686e85a014889113227ca30af9f03b51adaded02af5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
151B

MD5
b21d33b94e73cd59dd683425953c1ff0

SHA1
9247256eca6b875ef3aefba7ca1ddb510021bd9b

SHA256
79ed58e03975c3fbbc0e4b4639d7921c1af16cb9649ed62cb1d57cd7c7648d01

SHA512
925d9fe34ad64f35ff6a43303f93a204bea0e2666db29974896e93f0a4e7c664842ee5a9c166eb74580cc04c5dd940af555a1937297ee18c405a93d8a0e4fa9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1ec8861f0b07f16c6b61ee8c6deb7298

SHA1
c20219ef521fbeb791a460ced9b2c32fa810c0ce

SHA256
73dc9e09d045cdb9cac5235668f45ec9f6b52c1c9ddc50343479f62885cd555f

SHA512
7ae8ab0606d4ed2175b4c1fcc35ca52c093baee8ae3ef2267fab101f812e3b85bed4242453133b339f85e0cd65ff52473e00cf94e908153c949ca4ff36e96a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ac7a528f844b6538720d225ac0aca837

SHA1
c1e2731ae42397b02dac7ed9bf0ad00de6350fb3

SHA256
b75e7d766f7dce59a3fb020e2613088090953b4d45eeffb4b8f9c6485a587dc5

SHA512
b0ae73fe585d52b12b585f6d4138da2e917cd6e5c038349712fb588cb45fdb0b2ed34c34a5c7fa7a1367bb604908236a29ea044816f647e6eee90b35e9a7d49c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57ada5.TMP

Filesize
3KB

MD5
c54a5e5ecc9ab04a671aad514d2e4b78

SHA1
20b11a89a019c69f8e547642085ccad8922faad7

SHA256
6544436a58ac6760e2e8abd0fde8df0a9c6c48b8c5f7c8b98b8ef59685862eb0

SHA512
9414f1d91cf755226fb36001c6cac63fe007dc31a63bf75a453a5a0d9a4b9920b94e5415ac13049832b71c528199bf09a0a7a3731553665a50bb8be54b5c2d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c85d9de02f77e5a0fb9524f37800d13d

SHA1
08162d175b3a8d73e6a52f902b6319b0528c0828

SHA256
1a99abe92eaa0423253f0d1a394e4ff822e3b644ee39fae657e8ba223a3f5962

SHA512
5663d387d311540d0d8d243fc6fc0fec4e6c32061d5cfc5d1de3571682f3de39cea36406b9962a45f09cfbf57e70057e2923bf6e710a954d5a99d1de02875885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a0d8c639aa123f05eef5107fc182d2fb

SHA1
faf7c7609c113396ac1879e0cd05ae1cf9a20e19

SHA256
73783d7c7a7a24e97a3991f45a7f0346ad76d093795bf79d2a7ab5b4543eb134

SHA512
770ac8106dc54144cde1b9204f07e6386c2bb00361b5f61dedf9387319a2627a8a23e067b38a6d19f2395060e716b98eec751ff7c2e1b3b708dab731ac7ac166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d1c72153a9c8061b031ba895c751838d

SHA1
6336bf2eb53b793f22e929af9ae34abca3ebd669

SHA256
d0639cc6f402830ddc910ab1490e4fc55581d90fbd39913f8f631c9acd394e67

SHA512
c77da47855b37d2ddce7c2b4a82bc436efb3b739c7a6b9ed58136c27f4ce465f74719d7150f397f91fad28fc38711b5088571e29463d5f88b7ed46631a5b548c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bc11b84b608c3b48645c3afc3d6a2cfa

SHA1
e13b65f509b17e0983305b8099694d46988ce787

SHA256
de2bdf75bd239b67da893e2c7b2e92d9ce84b9afbe6730de68920cb979fa415d

SHA512
4c072c21dfa5ba5fb9921e6ff00f89d7e5ac4b73f61301808fb9a823d315275f402b4da1ec9ea4db89bfe85e465c6e715b43d3479d61252ccf5104ac5caa110f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0f30f5c24637977fdae26355d323431e

SHA1
7e731128ae6019e68376ea5e5ca5e8a1e0c50276

SHA256
5d28eb170000a62bf8355d277f9ef3e644714856426eb2624553695a73d95c45

SHA512
8e43c3a46900d7143146166c0a3a66eefdbd5c35b4d76b22459af812d1b4f874f4575ca70c2cbb56a0eaf628970463d358ca16f2f9dc425a953e92b45294f8bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
8cb6fa09d22a74ef658917c48864bf7d

SHA1
738eda7846999bc1f97377ddcefe73f9b15c11b3

SHA256
a9afc8a7c1d255a7d4c13fb524fc7ec1ed1c201ab1aedc069035004e601a1c41

SHA512
1cb04b5dbbaceac722067ffa10b72ad4a7daba631770d45ae1850f35bfdd206da063987f72d1e953d850c7de83dc80f3d5a89dc1b81adc243dd76ca117597e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
bdc8dad1582b4a4009fecf8c4a9726d3

SHA1
6c9f68ca1531f42faf5d5e126ae9fd9facd6e789

SHA256
33524e0b2f995125bc81d16d82966088be11ea4bca7f731d51dbdfdf07328a30

SHA512
d9d0d7a31075b1cf0eacdd37149bb74fceb1c33e792ee2311c8ef236a9c187b24a8064e9e237f06c1675a0c083b453bb05169b96ec24b072ac28575fb8070acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0a8dec6394443bb707b518e058eb3739

SHA1
b6e2fd39fcf6a1865bfcf8062586974acdecda46

SHA256
299443159f7e2ef3e742ae2fd86b22179ba7473055e795536e489b465ef7449b

SHA512
60ca953ab03853bbbf64e9e79b26618518ef275ea63c1b31746679d19f98375b793259b9e12f03add7fd188c084c99f551dcf8c3d3987ff4e0b86e57162c6c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
37def60780bb4fa19ed2ce0e9de89163

SHA1
e825ca57b153079b8131bd17de2eff469a7f6832

SHA256
817d415da82e499f2738b3b1addefb1461a93d8cff94b80ed78d23c020eba9b1

SHA512
581b0a59e8e21b02deb1a4ab9e504dd7fc08cfccff79274c3af24ca20e0bbd88bfc5ed58ff0d39839a4c89c3d98bf66487ae26def015607f8193d906228465a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index

Filesize
1KB

MD5
0ac4f6b85dbc52f64623a16c4cc1670d

SHA1
fd998ac7ac343639f397ec8e95de4cfe63752ce6

SHA256
9b8ea15ef5af0e109ef38bd850cff81c85f9da3faac4fe0598f2f34721854f39

SHA512
b19611532478b966485e679c431dae20fe2ccd946aa05ac43cea5f96f33852184b099c1aaeda9698306168af47deb1d9a0aaa15553fa690e2621b6260e12bbda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index~RFe5bf096.TMP

Filesize
1KB

MD5
e1e755b546296d6b76890030c08cfa3f

SHA1
637d4b2fb0f3736efe2842631c31eb595bfe18e7

SHA256
a60da3e24c08c00db107fbb2e54245805a8dd9a94dd7c3366b25d4c0c5ea5cff

SHA512
834322f1a6c4e3f624336d709569f524a0496d24ad7bc9a8fd535b6f32d0c4bdff3f69dbbff3bbca66d6bd533962145f4e9aa4987be9ad80dc884cbbef08eca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
8297208e2767820f79132d00e5b8bba1

SHA1
577a759667cd5d9e07896040215a5496cc53f332

SHA256
7974696dfac6fcb722de2698de1a924b02f8635f6b0b271b7a77c073485284b8

SHA512
b537251aca603f3948c521baca49bd729a085918ceb5c69c53a3bbd8e8db5ea7025749b29bcc397ca07cda17ff9210f148d491c34d961959541619d76f3c0ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
36a2decbe71289b3f2a30b90c435ce82

SHA1
65a0a412e21808b88f82b97dca23e714cf0d53ed

SHA256
32d3db3b91d15853f0daa583e0b4afb657a1e825268cd47b39d11943e08fa85d

SHA512
f863406f05567f7c9c60e83c7e8b8ec84c1df76cbef1bd703bc7854a41ddf0101dda3970227588fb8c7f3ad86861883d2048bdcbb240713ab81e7d52884e7ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
04904c07993061e0b6d08c1511680c95

SHA1
bd5042b9b1914d6ab4101743759eb2a35ef0f2e1

SHA256
b1d91e61afe9debdb49b2428c82aad109f1ecb4bab479f970a1f3a43ae84559a

SHA512
dc480e33e9ffc45a3c199aceae51246a209d1bb0820b79f7fe139f2b7fe4a96fd03074631b3495cb8748463e6672abadfb57ad3a6661242b2bdee0a703994bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
e8e339235ce7ce1a9964e465734522a9

SHA1
98cc1bcaaf19ab7598ce8e7a660e92b56c34f1f7

SHA256
b82e102405eb24f4e62ec01b5543d865b0097b7e49e60a928cea6ee7ef8d1350

SHA512
cf8a504a4c54437933e6a7dc4acd3c80ec2d1bca1c4aeb911afc87fc9e9a2ab3bac2d01bbedcb4e113996910dfba11afa6e1e8773bac3085bf05b996bafd26f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
18KB

MD5
b3bd1d03cf2753b20c19a0ca40e3d6dc

SHA1
53e8f413508be1096b75fa14817de1de32e93fec

SHA256
122f343f33c00e42f3c31ab3ab888d4aca075c9bbb27d5e76a05219f1b1ac910

SHA512
215b42547ca44fa349a8ffc0490f10c1ede68e131dee9288ae014f2e1246f901284d6b791f4db129ccc943dbdca4a6439d820f2b56e6252afe2ee23a41309aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
f605820ad52d056e49e969f0086a137f

SHA1
b32e8142e79400b3869635add370c9a585ac5140

SHA256
dd780cea4b97000481544f5e46f3e2d43914630a97e59a54221af4a71e721d65

SHA512
9a67b480498386bd9dfd0a6f90c83efbb5c1b7a8d5d5ebf48a09cc52c1ee9e87dbae99675def2558da1dd2893e57cbbecad9b0371fd142595138cd5e1f826283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
26d6bb9ad1ca58f5c9f6a94b28f76c7c

SHA1
aa082d7901a7cd300f13485d6a7991230ccc6629

SHA256
2a258599cfdeedbac0089ee745e84198c279f2385e1fe46bdd7a0889b9a9b4fb

SHA512
7789c59f043d62f79f014bfbe7cc6c8a20a5c1db3698d07e2410884fa36bbc81bc6c066a765b646a19fc848f09c2b46d4595db3b47f6d2c04bcd93049a078060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
fb16ea511babb43d89c75e50f4590391

SHA1
fd73ca176a6a5dfd5060058da7c9843c0094650c

SHA256
8bd5f7352474e237a8784258dd6d1f5dfa7574539494a55065bb4011df0039f4

SHA512
586917461a091481ec9d72820164ee60621df66bf63846fb7663de3ce8262010f7f7eecc7cbaf5012186040f1fdba05541fde3142a7176ece03fb6be9d87a625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
1b266f382667d35114ff0476484bc311

SHA1
3760c8c6af1e916fe40f72f0d514e44176dcb7c4

SHA256
21f3cc9a3e8fd4f436b0f84ad2d160779c578802de4867201b315f16b9a41fb3

SHA512
0a3de754594df7ae4f0481350c210bc3c26c43cf9abafc97931828ce0f8b7f5c5d1f832b16c63d7877d68bb42d2c1740c482e43041aa6230323f77ae35e8193e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
f4e749d3800672a4a5f27aa6f1f4089a

SHA1
82b7f320d2d4121c3dc62b00dacb3ebb5b46ed35

SHA256
deed391d35e86ef98d05039b449eee18f25c8c7c1307c3430a2dd7737c816e17

SHA512
e808481f08e43afd2355dcd0b92ffe73d08c9e6a78faaab0aef5d87418156b5fc85244c7f6a59b3ed5c0387cfa404947c47f828a1b79abeaad5c14212884d62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
06920d83bd5547634646e5e2818453c8

SHA1
f8e13513fd71d3a06f3e53c2a197355c5c4463e9

SHA256
bd3afd5caada195f9efd0b3e1f9f3ebb2c53b98dc5efcefd2457a2242a555d78

SHA512
c750f8703a0ab85fe796365e95fd54479c95dbe8af46499bae0e9e8fdf48499f52af4dede3874c6743b4e9154b8601224eced6d4433b236dab4dbcd0c3a3460d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
1889cbcb59f68199d5ab9cb04fe9d2ec

SHA1
a0332cb551fc24a14f013adbe4dca79678c11ffb

SHA256
ed2f38ba7709439e31774c993ff74037cec0c7de853cd8220140bd5a369322fc

SHA512
6274df8397afc6eb5d68d4157a6d74e5dd7f7e0973ac58b8327dcf2f730cc11d6daab2cc5c4fdfcca5f997b6719fa86de3db70e37c6dae8027b4ac41c729bfb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
f85049eb6e25cf55f44704ea677f616a

SHA1
603ae7ee65770adbd78a08573b22980215724726

SHA256
2e394081eda7d7a4b9b83c46bedf9878400b0cf87d35940da43c660f710c306a

SHA512
394f8501872103e50b8e589fba319f8665bbd39dc7be04fb74b0478f41675e83148a3cfc4444b9e1ecd377e78e987a89cd7879db156b72c2c40e191c57b647d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
86973085d1db8c3c96adcf6b23c8451a

SHA1
1766028e82b85f7d8f987e6127ccd1fd373e91ac

SHA256
0efe5a28925650a5d3862b77df233f8b76f044afec5f54f966b6abdad40af7ba

SHA512
0a253190157732d9859b8cfd00e6aa8341d3cac15665a14febb08b584f8531f0af61757348ba76ab14264be079c26c041cebbcebb950f147010c096af1e167cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f2e92a0866ddb5d1c9842ba195702e53

SHA1
47e34438dd113bf88504a3516cdbfe068d0d826c

SHA256
097f3ce073e4693bd734c28a4455f2f5364b4cbfbe834a55b8c2aad27231be1f

SHA512
d69386df480ca587c12d8a0f36b1f781c423566232e189c572cad973411545ef13d091d10be3731283844205f7836bd5cee429a87127d75c67246a65c0c26332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
33e2d13969d920583060760105eda734

SHA1
77a6e52bae3d68dfafac5f957b14cc4e805785ed

SHA256
bd78a4bc0ffdf11afc241714d782728c27cffd4fb2998f61f6be98b1020f900d

SHA512
441e32a358179886917a36407e794b2e1e0bab302c353a1a03e42d0d18fe0fd497633c2d7c4de874cb03179fb17e0e0fb908084ea53352b23222cec1ceb0251f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
95225e698f3558f1c801f43fef8f804b

SHA1
4d818886921d477d9fb3c81955aa37e681a2a0e1

SHA256
1feb3ce579846e9d65a3d164b02155abb5bbf7f2cba94f6243a210eece7fd045

SHA512
374af75bd7192227057837a60641a66bd2e84d9901613cfdfcbe2ec926aaa7353863fc19ffaf7944918be4ac4e7e12c6ff5c433410413f5cfca3900c4980ba85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57f25f.TMP

Filesize
392B

MD5
50de5d94f9136022c60e86654bb0c534

SHA1
61bf679f3e24f7192bc0f0dba614648be44467e1

SHA256
0e8cb2d96034670571ddc7e9d0ab6082e86771f3c0798933d152bd3c5fee6ac9

SHA512
52cab6826d588ade12be90940c0a36f46ea989961ebae4bc3300324da02b9e2eb98d45fe5308c6c8ddb9abcf51c98e7f3abc8bc05c695a0a73a5884fca3b4dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.19.1\typosquatting_list.pb

Filesize
638KB

MD5
ca87451145b7744bee71724af1feca21

SHA1
3d99f1ad97326e49ef04904db63c312bd8c64612

SHA256
d03de614aecf8590e013746de46b715605b72445a14702edbda12b5ce2db3df3

SHA512
ef4a47b30b6b03bc73e4c876111af6d08f741998308bde635427d466d4800f8764ea94462f4bd9f13d21c9eff12cc3c2b8ac13433a8cef3f7aa5bc8395c4285f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
fe3a94576b4ec09d339ca04ea89ea346

SHA1
d7bc2a265967d52264c0caeb0af7e8ebd9a10ad8

SHA256
6ccf54a8954f92a33f2b13e3a7ed31e8fb767573fbdb87a8023a6cb102dea19d

SHA512
04f868450251a69a99b7728fa3e2552455749f9a1d46d65a1af21357bdf2f3b68002ce8bf0f0d40b66807c7589f1f834b9566fd5d985b4ee82bfba9b66ffe8b1

Download Submit
C:\Users\Admin\Downloads\44f4a65edf7ae3ce4fbc50b03bc034b27d699e7a17cbd130cac07d78ce171985.7z.crdownload

Filesize
2.5MB

MD5
9d767ccb34375a071817e4f8e7581219

SHA1
e27289849969fc05cefe3cc2cac25fec051e4ed1

SHA256
b50c29fa37da6ac050fcbed7e7ec6b847077aa1afcd4e9e8b39a8bf8b8427697

SHA512
81ba4f856097d70e7686617c76c79c8c92f33b8083aa068e71c04009e1de9365f69b30d44ed849305ef296d130cae6fe0f8426187f86b094276d4057dedd000e

Download Submit
C:\Users\Admin\Downloads\AteraAgent.exe

Filesize
142KB

MD5
477293f80461713d51a98a24023d45e8

SHA1
e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

SHA256
a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

SHA512
23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

Download Submit
C:\Users\Admin\Downloads\AteraAgent.exe.config

Filesize
1KB

MD5
b3bb71f9bb4de4236c26578a8fae2dcd

SHA1
1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

SHA256
e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

SHA512
fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

Download Submit
C:\Users\Admin\Downloads\Pubnub.dll

Filesize
588KB

MD5
17d74c03b6bcbcd88b46fcc58fc79a0d

SHA1
bc0316e11c119806907c058d62513eb8ce32288c

SHA256
13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

SHA512
f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

Download Submit
C:\Users\Admin\Downloads\ffcd2127529093b63dbfc09a8f3ea7c52b91aba6b60a7132fbcb23aa0d41818d.7z

Filesize
11KB

MD5
484fd1114f36312c70617d18e6014228

SHA1
e5b4c14af169dcdb991e820d230e095856a94bc0

SHA256
d339679e40aeec58e908704c467c53b1add951b75d222f238ebebcf33c251b73

SHA512
00caee643d11178ca2c03180b07e6d429c8b4de350a0ecdec735aa9d6e4b3eb95b3acd3002d087340de12ccc87be42cb2b354db481c97369e06120c80f2ad5e4

Download Submit
memory/1860-767-0x00000269B3BD0000-0x00000269B3C68000-memory.dmp

Filesize
608KB

Download
memory/1860-765-0x0000026999500000-0x0000026999528000-memory.dmp

Filesize
160KB

Download