Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/05/2025, 16:09

General

  • Target

    VioletClient_protected.exe

  • Size

    459KB

  • MD5

    eaf9c62f7cdb70a7a58524d9e209ed92

  • SHA1

    e287505193f0f4efef2a7aaa0d70ba86f4e30d03

  • SHA256

    7304c9b3a88f8d9a39979bde599a09f7f3e8eac2ec9368e8fc61744fb9881fca

  • SHA512

    34264e68b007094ea68b25be43117075a9f806f85e61b4923fe4d124a7271eff1297231d981b7a884bd82f947307ded3f9cb05a3adf33a612baa761ad5e2f425

  • SSDEEP

    12288:VOsZNsT9tIWr+qkM44sUxXqkSouWWmpBDP892t5nKYG/+C88WQvp6ZqofPx/1OBF:cC8

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 4 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\VioletClient_protected.exe
    "C:\Users\Admin\AppData\Local\Temp\VioletClient_protected.exe"
    1⤵
    • Checks computer location settings
    • Drops startup file
    • Adds Run key to start application
    • Sets desktop wallpaper using registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "VioletClient_protected" /tr "C:\Users\Admin\AppData\Roaming\VioletClient_protected.exe"
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:1296
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffdc820f208,0x7ffdc820f214,0x7ffdc820f220
        3⤵
          PID:3320
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1832,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:3
          3⤵
            PID:4548
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2308,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:2
            3⤵
              PID:3344
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2520,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=3008 /prefetch:8
              3⤵
                PID:4156
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
                3⤵
                  PID:64
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:1
                  3⤵
                    PID:5896
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5068,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
                    3⤵
                      PID:4968
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3484,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:8
                      3⤵
                        PID:4852
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5696,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
                        3⤵
                          PID:5396
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:8
                          3⤵
                            PID:4592
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,2184377737718815209,13833173755748208042,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:8
                            3⤵
                              PID:3284
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                              3⤵
                              • Checks processor information in registry
                              • Enumerates system info in registry
                              • Modifies data under HKEY_USERS
                              • Modifies registry class
                              PID:5928
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffdc820f208,0x7ffdc820f214,0x7ffdc820f220
                                4⤵
                                  PID:3276
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,4757500853719523549,14348383100800066021,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
                                  4⤵
                                    PID:1672
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,4757500853719523549,14348383100800066021,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2
                                    4⤵
                                      PID:3908
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2144,i,4757500853719523549,14348383100800066021,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:8
                                      4⤵
                                        PID:1064
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4124,i,4757500853719523549,14348383100800066021,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:8
                                        4⤵
                                          PID:1000
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4124,i,4757500853719523549,14348383100800066021,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:8
                                          4⤵
                                            PID:4712
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4644,i,4757500853719523549,14348383100800066021,262144 --variations-seed-version --mojo-platform-channel-handle=4628 /prefetch:8
                                            4⤵
                                              PID:1156
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\VioletClient_protected.exe
                                        1⤵
                                        • Suspicious use of WriteProcessMemory
                                        PID:5716
                                        • C:\Users\Admin\AppData\Roaming\VioletClient_protected.exe
                                          C:\Users\Admin\AppData\Roaming\VioletClient_protected.exe
                                          2⤵
                                          • Executes dropped EXE
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:3044
                                      • C:\Users\Admin\AppData\Roaming\VioletClient_protected.exe
                                        C:\Users\Admin\AppData\Roaming\VioletClient_protected.exe
                                        1⤵
                                        • Executes dropped EXE
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:4564
                                      • C:\Users\Admin\AppData\Roaming\VioletClient_protected.exe
                                        C:\Users\Admin\AppData\Roaming\VioletClient_protected.exe
                                        1⤵
                                        • Executes dropped EXE
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:456
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                        1⤵
                                          PID:640
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                          1⤵
                                            PID:872
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                              2⤵
                                                PID:2728
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                              1⤵
                                                PID:4816

                                              Network

                                                    MITRE ATT&CK Enterprise v16

                                                    Downloads

                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\VioletClient_protected.exe.log

                                                      Filesize

                                                      1KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

                                                      Filesize

                                                      16KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      280B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      280B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

                                                      Filesize

                                                      44KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

                                                      Filesize

                                                      264KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

                                                      Filesize

                                                      8.0MB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      3KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

                                                      Filesize

                                                      264KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                      Filesize

                                                      2B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

                                                      Filesize

                                                      343B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

                                                      Filesize

                                                      32KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                      Filesize

                                                      319B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                      Filesize

                                                      192KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                      Filesize

                                                      108KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                      Filesize

                                                      331B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                      Filesize

                                                      40B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\e64043f6-4113-4a62-a96d-fca81b47f7ea.tmp

                                                      Filesize

                                                      2B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      16KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      15KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                      Filesize

                                                      36KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

                                                      Filesize

                                                      338B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                      Filesize

                                                      350B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                      Filesize

                                                      323B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                      Filesize

                                                      22KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                      Filesize

                                                      25KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                      Filesize

                                                      128KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                                                      Filesize

                                                      228KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

                                                      Filesize

                                                      13KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                      Filesize

                                                      10KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                      Filesize

                                                      319B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                      Filesize

                                                      337B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

                                                      Filesize

                                                      44KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

                                                      Filesize

                                                      264KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

                                                      Filesize

                                                      4.0MB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

                                                      Filesize

                                                      264KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

                                                      Filesize

                                                      120B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                      Filesize

                                                      13B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      48KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      54KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      54KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      40KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      40KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

                                                      Filesize

                                                      264KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

                                                      Filesize

                                                      86B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db

                                                      Filesize

                                                      68KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db-journal

                                                      Filesize

                                                      4KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\8b0d4544beb97a69dbb9583fca5575a9aba6e37d.tbres

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Temp\cv_debug.log

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Roaming\VioletClient_protected.exe

                                                      Filesize

                                                      459KB

                                                    • C:\Users\Admin\Desktop\How To Decrypt My Files.html

                                                      Filesize

                                                      716B

                                                    • C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC

                                                      Filesize

                                                      16B
