Analysis

  • max time kernel
    111s
  • max time network
    114s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250619-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250619-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    30/06/2025, 17:52

General

  • Target

    https://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7213845603:AAFFyxsyId9av6CCDVB1BCAM5hKLby41Dr8/sendDocument

Signatures

  • Phemedrone

    An information and wallet stealer written in C#.

  • Phemedrone family
  • Uses browser remote debugging 2 TTPs 5 IoCs

    Can be used to control the browser and steal sensitive information such as credentials and session cookies.

  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Drops file in Windows directory 8 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 4 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x308,0x7fffcc5ef208,0x7fffcc5ef214,0x7fffcc5ef220
      2⤵
        PID:5588
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:11
        2⤵
          PID:1976
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2188,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:2
          2⤵
            PID:2212
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2500,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=2652 /prefetch:13
            2⤵
              PID:652
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3416,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
              2⤵
                PID:4256
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3424,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
                2⤵
                  PID:2440
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4800,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:1
                  2⤵
                    PID:2508
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5132,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1
                    2⤵
                      PID:3012
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3400,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
                      2⤵
                        PID:1480
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5128,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:1
                        2⤵
                          PID:1356
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5480,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:1
                          2⤵
                            PID:3820
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5712,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:1
                            2⤵
                              PID:3828
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6000,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:1
                              2⤵
                                PID:3268
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=3504,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1
                                2⤵
                                  PID:3036
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5460,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:1
                                  2⤵
                                    PID:2344
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6484,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:14
                                    2⤵
                                      PID:5872
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6592,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:1
                                      2⤵
                                        PID:4168
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7012,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:14
                                        2⤵
                                        • NTFS ADS
                                        PID:5504
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6996,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:1
                                        2⤵
                                          PID:1944
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7212,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=7248 /prefetch:1
                                          2⤵
                                            PID:5072
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6312,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=3048 /prefetch:14
                                            2⤵
                                              PID:1820
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3480,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:14
                                              2⤵
                                                PID:3076
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7244,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:14
                                                2⤵
                                                  PID:4072
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7244,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:14
                                                  2⤵
                                                    PID:712
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:14
                                                    2⤵
                                                      PID:3364
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                                                        cookie_exporter.exe --cookie-json=1144
                                                        3⤵
                                                          PID:4608
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5448,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:14
                                                        2⤵
                                                          PID:5432
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=5560,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:1
                                                          2⤵
                                                            PID:4668
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7788,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=7808 /prefetch:1
                                                            2⤵
                                                              PID:2000
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7840,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=7704 /prefetch:1
                                                              2⤵
                                                                PID:4556
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7888,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:1
                                                                2⤵
                                                                  PID:3720
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=8076,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:1
                                                                  2⤵
                                                                    PID:5996
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=7336 /prefetch:14
                                                                    2⤵
                                                                    • NTFS ADS
                                                                    PID:984
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6272,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:1
                                                                    2⤵
                                                                      PID:2532
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6060,i,1903769782934914402,1803080771192226372,262144 --variations-seed-version --mojo-platform-channel-handle=7576 /prefetch:1
                                                                      2⤵
                                                                        PID:1180
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                                                                        2⤵
                                                                        • Drops file in Windows directory
                                                                        • Enumerates system info in registry
                                                                        • Modifies data under HKEY_USERS
                                                                        • Modifies registry class
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:3772
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2f4,0x7fffcc5ef208,0x7fffcc5ef214,0x7fffcc5ef220
                                                                          3⤵
                                                                            PID:648
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1832,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:11
                                                                            3⤵
                                                                              PID:748
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2092,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:2
                                                                              3⤵
                                                                                PID:3828
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2412,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:13
                                                                                3⤵
                                                                                  PID:2848
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4416,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:14
                                                                                  3⤵
                                                                                    PID:1184
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4416,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:14
                                                                                    3⤵
                                                                                      PID:912
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4572,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:14
                                                                                      3⤵
                                                                                        PID:3152
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4636,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=4424 /prefetch:14
                                                                                        3⤵
                                                                                          PID:5304
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4624,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:14
                                                                                          3⤵
                                                                                            PID:1988
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4612,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:14
                                                                                            3⤵
                                                                                              PID:5744
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4704,i,3680557553541716924,12189387703491955025,262144 --variations-seed-version --mojo-platform-channel-handle=4952 /prefetch:14
                                                                                              3⤵
                                                                                                PID:1884
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                            1⤵
                                                                                              PID:1868
                                                                                            • C:\Windows\system32\cmd.exe
                                                                                              C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                              1⤵
                                                                                                PID:1300
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                                  2⤵
                                                                                                    PID:1428
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                  1⤵
                                                                                                    PID:5472
                                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                    1⤵
                                                                                                      PID:5252
                                                                                                    • C:\Program Files\7-Zip\7zG.exe
                                                                                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\VanishRaider-main\" -spe -an -ai#7zMap16184:96:7zEvent17441
                                                                                                      1⤵
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                                      PID:5736
                                                                                                    • C:\Program Files\7-Zip\7zFM.exe
                                                                                                      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\VanishRaider-main.rar"
                                                                                                      1⤵
                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                                      PID:6036
                                                                                                    • C:\Users\Admin\Downloads\New folder\vanish.exe
                                                                                                      "C:\Users\Admin\Downloads\New folder\vanish.exe"
                                                                                                      1⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:1592
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
                                                                                                        2⤵
                                                                                                        • Uses browser remote debugging
                                                                                                        • Drops file in Windows directory
                                                                                                        • Enumerates system info in registry
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        • Suspicious use of FindShellTrayWindow
                                                                                                        PID:3600
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa363dcf8,0x7fffa363dd04,0x7fffa363dd10
                                                                                                          3⤵
                                                                                                            PID:2672
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1964,i,1464431970104000674,13597125507657548839,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=1960 /prefetch:2
                                                                                                            3⤵
                                                                                                              PID:4784
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2220,i,1464431970104000674,13597125507657548839,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2268 /prefetch:11
                                                                                                              3⤵
                                                                                                                PID:1668
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,1464431970104000674,13597125507657548839,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2540 /prefetch:13
                                                                                                                3⤵
                                                                                                                  PID:5004
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3028,i,1464431970104000674,13597125507657548839,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3168 /prefetch:1
                                                                                                                  3⤵
                                                                                                                  • Uses browser remote debugging
                                                                                                                  PID:4232
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,1464431970104000674,13597125507657548839,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3184 /prefetch:1
                                                                                                                  3⤵
                                                                                                                  • Uses browser remote debugging
                                                                                                                  PID:2184
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4208,i,1464431970104000674,13597125507657548839,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4240 /prefetch:9
                                                                                                                  3⤵
                                                                                                                  • Uses browser remote debugging
                                                                                                                  PID:432
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4588,i,1464431970104000674,13597125507657548839,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4648 /prefetch:1
                                                                                                                  3⤵
                                                                                                                  • Uses browser remote debugging
                                                                                                                  PID:1584
                                                                                                            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                                                                                                              1⤵
                                                                                                                PID:3820

                                                                                                              Network

                                                                                                                    MITRE ATT&CK Enterprise v16


                                                                                                                    Downloads

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\67f3b581-1e43-42f0-a46e-55328dab0e31.tmp

                                                                                                                      Filesize

                                                                                                                      1B


                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      83KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

                                                                                                                      Filesize

                                                                                                                      1024KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                      Filesize

                                                                                                                      280B


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                      Filesize

                                                                                                                      280B


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                      Filesize

                                                                                                                      280B


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

                                                                                                                      Filesize

                                                                                                                      44KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

                                                                                                                      Filesize

                                                                                                                      520KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

                                                                                                                      Filesize

                                                                                                                      1.0MB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

                                                                                                                      Filesize

                                                                                                                      8.0MB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005d

                                                                                                                      Filesize

                                                                                                                      114KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005e

                                                                                                                      Filesize

                                                                                                                      94KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005f

                                                                                                                      Filesize

                                                                                                                      22KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

                                                                                                                      Filesize

                                                                                                                      47KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

                                                                                                                      Filesize

                                                                                                                      79KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062

                                                                                                                      Filesize

                                                                                                                      21KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

                                                                                                                      Filesize

                                                                                                                      153KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

                                                                                                                      Filesize

                                                                                                                      64KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

                                                                                                                      Filesize

                                                                                                                      74KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

                                                                                                                      Filesize

                                                                                                                      42KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

                                                                                                                      Filesize

                                                                                                                      87KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

                                                                                                                      Filesize

                                                                                                                      20KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

                                                                                                                      Filesize

                                                                                                                      38KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

                                                                                                                      Filesize

                                                                                                                      30KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

                                                                                                                      Filesize

                                                                                                                      33KB


                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

                                                                                                                      Filesize

                                                                                                                      52KB

                                                                                                                      MD5

                                                                                                                      9ad602a0416d53abef2ac363acd9568d

                                                                                                                      SHA1

                                                                                                                      d18466024649d35f631f749176e54d71155da611

                                                                                                                      SHA256

                                                                                                                      41b4056f7c8b9600208e6f704e41fabb9b0a76c2eb2340ca0d5cb2146cd1eb3a

                                                                                                                      SHA512

                                                                                                                      ad1bc3fd51feba3d26538b0cb3c6b0db0e96be53ea4c938cf298257c382e0507fd0fb066b160d71e583881cfebc4cbc4ad5f731d788e1c2de98bac8182e9f5b2

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

                                                                                                                      Filesize

                                                                                                                      226KB

                                                                                                                      MD5

                                                                                                                      648823009b2c6dab3a2d9f74258a8916

                                                                                                                      SHA1

                                                                                                                      b2066566e85a351137ac3a41c1c8904cccd6410a

                                                                                                                      SHA256

                                                                                                                      1739d643058fbcf858e430da78b54e82550057e7979b3aa3d8a6434eeb039542

                                                                                                                      SHA512

                                                                                                                      52267fc5299f8081d0f9916b25a7a16c60aa0ad446e676fbefd9b67fda73968aacfe04eb2ae87a470e4ea74a45b4d12847aaa2395e1431013d16efc745c85817

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

                                                                                                                      Filesize

                                                                                                                      22KB

                                                                                                                      MD5

                                                                                                                      bc045e41540439b3a98a368a4c8868e5

                                                                                                                      SHA1

                                                                                                                      04bf55dae49feb4cae5dba34137e3b7998be1d11

                                                                                                                      SHA256

                                                                                                                      9bd1d90cf5c2baca327f34fe841dddd6636c73819b4bb79263d0558b06793b2c

                                                                                                                      SHA512

                                                                                                                      23a2ce036527f9d4ec64d01d19d0220651430bc7b4e495c2f98bfccfb7057880ecbd4eaecfcbc3bb2304f8ede544501731e6fc25370f27f249458248edbd380e

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

                                                                                                                      Filesize

                                                                                                                      42KB

                                                                                                                      MD5

                                                                                                                      0151af8967e20ad314c45cda1bc65e8e

                                                                                                                      SHA1

                                                                                                                      ed3d0743c2c1f3c8a7bc934e9112e934f5afef00

                                                                                                                      SHA256

                                                                                                                      0a2828f2f95857baa1281f483ce0e078038a2c54a248d0fd1774213d3104a9f7

                                                                                                                      SHA512

                                                                                                                      023e3b4321e7edb21cba63ebd0dccde5a678ffc9ba996340e8356e69e4ee7a1488bd898883599ac25312678263d126a110a8a1f951ad247bf105d8811ab4b8c5

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      1b18b0c55b3c1d46662b168dcf46c21f

                                                                                                                      SHA1

                                                                                                                      8df883528c6d08a1819843787bd43cf6386dc7fc

                                                                                                                      SHA256

                                                                                                                      c24e1762fb4217d694cc53f6ff141d2e2964bd35637ef3421df2a012e58c2e65

                                                                                                                      SHA512

                                                                                                                      9fb99ad6323ab03ec83e27bb3300f4b6884ecabf59d6f6e9f07a59c9848c1e90ff46c95b311b67d9f6969210369f17ef92d9f7807e8ac2dcecabce901004a9d5

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57bd26.TMP

                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                      MD5

                                                                                                                      233ea3b2d757306f676199842e47313c

                                                                                                                      SHA1

                                                                                                                      f01c2073067175aeca56bd84ba5d63eec148cb5d

                                                                                                                      SHA256

                                                                                                                      fc18ff238daaafe929f1de24413a2456ab2f63a330a06648d9221b0390e3b332

                                                                                                                      SHA512

                                                                                                                      087b0c942cd7dcc4e8cb5d186d8fda00df89dc5a3c709070acfc6b8259d8dbf6f15c4b805f54fc72b086e18a4b41ec681ea6f22b322f5f600752959d8353a0cc

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

                                                                                                                      Filesize

                                                                                                                      264KB

                                                                                                                      MD5

                                                                                                                      f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                      SHA1

                                                                                                                      112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                      SHA256

                                                                                                                      b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                      SHA512

                                                                                                                      bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                                                                                      Filesize

                                                                                                                      2B

                                                                                                                      MD5

                                                                                                                      99914b932bd37a50b983c5e7c90ae93b

                                                                                                                      SHA1

                                                                                                                      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                      SHA256

                                                                                                                      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                      SHA512

                                                                                                                      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                                      Filesize

                                                                                                                      352KB

                                                                                                                      MD5

                                                                                                                      b02f17f39fcbd4718238b5d53ec10784

                                                                                                                      SHA1

                                                                                                                      9cde70e7432b5be572b1e496a5c7f02f6de5b8b4

                                                                                                                      SHA256

                                                                                                                      f0c81ef72be8d8c2007fa8dbdf0f60dc0b3bc80d0a1b0d6dfb01cdc9eb489865

                                                                                                                      SHA512

                                                                                                                      f1d4d0685eac2c09602422d81f089e36c02d7da33f182c23bc3839ff6251002ae1067015ac3dd7fcb09a0928f6abb27cea21b504dec30dc138b2648d88b2cc7b

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                                                                                      Filesize

                                                                                                                      108KB

                                                                                                                      MD5

                                                                                                                      06d55006c2dec078a94558b85ae01aef

                                                                                                                      SHA1

                                                                                                                      6a9b33e794b38153f67d433b30ac2a7cf66761e6

                                                                                                                      SHA256

                                                                                                                      088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd

                                                                                                                      SHA512

                                                                                                                      ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                      Filesize

                                                                                                                      19KB

                                                                                                                      MD5

                                                                                                                      6794178beebd6ae5c96ebc33223c79b3

                                                                                                                      SHA1

                                                                                                                      076680740143440b27b3def3d6edc394c2843b1d

                                                                                                                      SHA256

                                                                                                                      0c6fdf1454a88fdb493ec0f926245546b232a9f163dfec020c589855bc4161ff

                                                                                                                      SHA512

                                                                                                                      4ef9bc57c810b9c213482be44637bcf3114c4eb70c9b51318aaa7483b78f487ba672e719b6de3f3f220f357775abe206437b9452a83be82e75eae96be1c1cf5c

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                      Filesize

                                                                                                                      2B

                                                                                                                      MD5

                                                                                                                      d751713988987e9331980363e24189ce

                                                                                                                      SHA1

                                                                                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                      SHA256

                                                                                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                      SHA512

                                                                                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                                                                                      Filesize

                                                                                                                      40B

                                                                                                                      MD5

                                                                                                                      20d4b8fa017a12a108c87f540836e250

                                                                                                                      SHA1

                                                                                                                      1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                                                                                      SHA256

                                                                                                                      6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                                                                                      SHA512

                                                                                                                      507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      22KB

                                                                                                                      MD5

                                                                                                                      7f8f8c2d75c24783c6d6dcee871595a9

                                                                                                                      SHA1

                                                                                                                      9387c825d065fa98f3302e1169e6db07715c7fc6

                                                                                                                      SHA256

                                                                                                                      9fa9b9262f32a899bda4eb4f2c8d491ce6cafc6a1b798a2e06992b12478ed246

                                                                                                                      SHA512

                                                                                                                      8d0a58186670ec1bec2f7d40c8f044d4fa38504943df5484857f1523c5b2020f6f18350efa3971bda07d1333c475b2e2cfde473f2022e16d17fb8e759a1466b4

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      24KB

                                                                                                                      MD5

                                                                                                                      223c7297fe9abb4b3c549900b897936a

                                                                                                                      SHA1

                                                                                                                      b26dbfef0b635623ca67dbddca3febfe9ab4a47a

                                                                                                                      SHA256

                                                                                                                      852956125b2944b20b46754591e1c17677cca20c85d0478af57976abe0e3e2ae

                                                                                                                      SHA512

                                                                                                                      0ae43dcbd9e8fc5e1aeedaccb253f35afa1f9887d7efaf6ae1c4c1352d4ea37ac282236ea75ee4e50d844b388794553ab39cdf4cb1f97386bc2d402324c6a3c0

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      22KB

                                                                                                                      MD5

                                                                                                                      262aee3b0dac303873e84970a4cd751e

                                                                                                                      SHA1

                                                                                                                      d8bc1d7f0e81d7f4de92c424da7a788a1ceb99b2

                                                                                                                      SHA256

                                                                                                                      2663d5a0ccdd03e1bc9d78eb399c06980e5672069aa6baa88bea5f0255b5c2af

                                                                                                                      SHA512

                                                                                                                      f9aa605e352083cb48535e43ace11f5198e80e37019d8e185193f2f9579426847443dc1388e788c930ee0b951429a4576c660f10b647208e363a83101c1dc812

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                      Filesize

                                                                                                                      37KB

                                                                                                                      MD5

                                                                                                                      35a2646ee635dc3063beaac925533167

                                                                                                                      SHA1

                                                                                                                      0062c081dff261fb9969893c0350f40a24874319

                                                                                                                      SHA256

                                                                                                                      8137219a166fca9352b1633d07fd2b57371f70ba261f0ff0914e922b5dc56dbd

                                                                                                                      SHA512

                                                                                                                      98354ed363d3c08c7937d76ad47b41b9bb0994848f4b6abce9b04ae68a9806dd8f41bd3ea75642e2f95e3a764d97fd8e0a404b59bb1e4e250467192b3a3ce39f

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                                                      Filesize

                                                                                                                      22KB

                                                                                                                      MD5

                                                                                                                      eaafd394555be007264fb6e7c4d057c9

                                                                                                                      SHA1

                                                                                                                      708a339e1d00c568895a8fb4caa7c45465342c91

                                                                                                                      SHA256

                                                                                                                      cb229db34ac104b71f54c670e233a5888f0ece6d5d1d2b1323ddccb4f34aaf9c

                                                                                                                      SHA512

                                                                                                                      1dcdf5ebba28f29afad021ec47d2b809f265bc32afc3340dc2a6888d7d92cd54891b0a60f713ef5ca4592b3b6b203781b868ea5d90455e63aad35310df9895bb

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                                                      Filesize

                                                                                                                      16KB

                                                                                                                      MD5

                                                                                                                      91330a4aa1f57dfd0ddbdd2911227164

                                                                                                                      SHA1

                                                                                                                      01306abf533cae1f9b0f908e156cc2d0be8ada6e

                                                                                                                      SHA256

                                                                                                                      f8d209c93928f113b61ac571d69e997f6d971e1090be5d00484635df2a227ea7

                                                                                                                      SHA512

                                                                                                                      89f6b3f1c0cfc828b78332098244fa01401e14b7fc4378940740fe2451392133ed99433a9783088d82c0cf9faaa392daa52e3742e6a811e5b9f6db0112f41742

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                                      Filesize

                                                                                                                      464B

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

                                                                                                                      Filesize

                                                                                                                      44KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                      Filesize

                                                                                                                      13B

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      45KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      38KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      38KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      51KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      51KB

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

                                                                                                                      Filesize

                                                                                                                      86B

                                                                                                                    • C:\Users\Admin\Downloads\VanishRaider-main (1).rar:Zone.Identifier

                                                                                                                      Filesize

                                                                                                                      66B

                                                                                                                    • C:\Users\Admin\Downloads\VanishRaider-main.rar:Zone.Identifier

                                                                                                                      Filesize

                                                                                                                      325B

                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3772_391580775\LICENSE

                                                                                                                      Filesize

                                                                                                                      1KB

                                                                                                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3772_391580775\manifest.json

                                                                                                                      Filesize

                                                                                                                      84B

                                                                                                                    • memory/1592-857-0x0000023936340000-0x0000023936368000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      160KB