Analysis Overview
Threat Level: Known bad
The file https://github.com/Hacker2425/Ransomware-Builder was found to be: Known bad.
Malicious Activity Summary
Chaos
Chaos Ransomware
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-18 13:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-18 13:32
Reported
2024-03-18 13:34
Platform
win10v2004-20240226-en
Max time kernel
95s
Max time network
101s
Command Line
Signatures
Chaos
Chaos Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware-Builder-main.zip\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Hacker2425/Ransomware-Builder
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb21046f8,0x7ffcb2104708,0x7ffcb2104718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8890396605721382679,14781374561327370860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware-Builder-main.zip\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware-Builder-main.zip\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 1.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 9.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a774512b00820b61a51258335097b2c9 |
| SHA1 | 38c28d1ea3907a1af6c0443255ab610dd9285095 |
| SHA256 | 01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4 |
| SHA512 | ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1 |
\??\pipe\LOCAL\crashpad_1812_FETIGBZDMRRVTYBB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fd7944a4ff1be37517983ffaf5700b11 |
| SHA1 | c4287796d78e00969af85b7e16a2d04230961240 |
| SHA256 | b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74 |
| SHA512 | 28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aad0de95395fd2fde250a4e2b0dc643f |
| SHA1 | 1903681329b374f31dcbda7ee7f73db20758b39b |
| SHA256 | 3588a330fc28b60fc6c053f07a2ae55fc2644945fe953694402ee714e408bbc7 |
| SHA512 | 808b5fe59b5b51beb2a8a46509675153e67f6318ab10c7efc5d653204caa28fe79c8a8d08950a12b85ca7b97fcdfb6f4c2bbf5e472c263745587d6a50c157e1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a437fa5928eacee78e894e7138168d92 |
| SHA1 | 5554966bd0d09c79b7efac81282c87c7da1c38f1 |
| SHA256 | e39039c06d3dfed7ee8d36ba8c4c79f5ac35cd5c97341d18950a31ca95d2ec93 |
| SHA512 | 67cbfd85ce615703e31fad441dbc6198e4d978a4ae7bde25bfe75f43ac2404451af242f9ba2d546098fc1288f8cadb93f4efad838e15d6fdd99ee8e019a92df8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5ce57d970130c506ae21800984de01d4 |
| SHA1 | 11848a716097ee96dcb0aa37beccb789cba018e7 |
| SHA256 | 5e467ac24d9c2efbd3d92f62fb5b4ad9b5f7841ac8834d492a62fa6793cb7d47 |
| SHA512 | eeae5dc91c0e2d6cdcf491273f0f227db51a468140b0c66b3cca6c4ea7b2e1ba1f355039b3e34c3b91c6af73eff40fe1e65f02584f91ec66265db818bdd7d38f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\Downloads\Ransomware-Builder-main.zip
| MD5 | 2f859950b215f4eee1e00bbe39207212 |
| SHA1 | 31593e690a1e02c5a19f24d65b2ab0022c136a0e |
| SHA256 | 4b19ad3ef396d68d4ad5457be25ca636d22e1bd848d3e4a5211b71da58f016b6 |
| SHA512 | 4948afdce16b45abed05df9d093ce7286637beedf7fd5d1f1915638914ad1437321128b125653849c27161d1994acaa8a648207a326af922f7a4d59740d94d48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4cdbc5da1aeed35ed3d451aae6ba8ffc |
| SHA1 | 26f2111acba4cbba275f237ea5c519c502b4245b |
| SHA256 | 5b7745e053414c827388c52083867d854f0916f6d050b2d98820c8d47206a9d0 |
| SHA512 | aaf92f21ef93cde9af9fcc483cd9602471cc99a03e504319d9dd8c773b4012790830f77b91f80bcd2dc2e0c46c08a336de267a9d3cae4d6471b688ff361f389a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cfd13f1b05c0239ba900c53a2d17bd8c |
| SHA1 | d8acf7b238ec410b28353f19185e8d161a85880a |
| SHA256 | e02920dcc84fd6ca4c368953c213880f1074580deaf1602a15e2feb8b5d79dd2 |
| SHA512 | 3136a1b44581f28d703bd0d04690c88f463c931ccd813111da8818d2361eca9839b51fee4286ede3d82afa65fd297cf1b3a4ba0fbee94fe5e0f281474ca3f0ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c0a0.TMP
| MD5 | dac9ce43fd5ec12a49caa07a653d767f |
| SHA1 | 0335bc6cdd4e64ea63564c6afc41effe9afc7981 |
| SHA256 | 08083b8be2fc3f5acedde73ef4352257938dce72a0eb4f1867f042314abcdc83 |
| SHA512 | cb5599048b7ec31500804e2983bc1875215cb2127fb2c3a6723d9a01643df0360139d42fb60845e3ddc6d73c9bc3690690450adccf0ce6cc6c3304a7e82476b3 |
memory/5616-204-0x0000000000F80000-0x000000000100E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cd1b4b3a1bc50df4cf197a997552d877 |
| SHA1 | 3e3ac34e9fa6f077034ecc3f32a9bd94edea4ee5 |
| SHA256 | 7e9de3141c1c1fbcf64361a91dd268caece59aa2ed8ef03b1362c781136cd87d |
| SHA512 | c50fb69073d04f3d3e98cae81be313f2c603b7a63c9b22bb212f8e317c3dc15ccb6bd7e025c07f10253ad71a1e81ba90ae1888a624ab2d6db97c961602c4ea94 |
memory/5616-210-0x00007FFC9DA50000-0x00007FFC9E511000-memory.dmp
memory/5616-211-0x000000001BCA0000-0x000000001BCB0000-memory.dmp
memory/5616-212-0x000000001BCA0000-0x000000001BCB0000-memory.dmp
memory/5616-213-0x000000001BCA0000-0x000000001BCB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9e6a4bbe1d270bf9e712d178023a9440 |
| SHA1 | 33249fdbb954ec512383bcd0bd74e87dd5cb1f8e |
| SHA256 | 741b8d7e0208b33cdc1f0caaeecc16cb0d5be3d09205d380167ac8d06cee790f |
| SHA512 | 3668d490dd87dd82d261c3a320199dd7b6eb407eb6e5cc0002e197eda1fa7f7bb60a56ed7d28173af00c60e313b896b0b0b3276085c7d91c8be15ec7c480dc0a |
memory/5616-241-0x00007FFC9DA50000-0x00007FFC9E511000-memory.dmp
memory/5616-242-0x000000001BCA0000-0x000000001BCB0000-memory.dmp
memory/5616-245-0x000000001BCA0000-0x000000001BCB0000-memory.dmp
memory/5616-246-0x000000001BCA0000-0x000000001BCB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cc4d73e34e4e3f8e986a319af7c94bb6 |
| SHA1 | b0340d1365533d7e2e943bcc91afd9563af194e8 |
| SHA256 | 0b4ad4ab83c5cd2828bd8c66c76d18b77b8b6157409a6cbf1704bd793d3b4e29 |
| SHA512 | 6ee164ae203e27226a00cb5790b8f66726589c191ccdc6c8e7d612fb47b8aecbcb346dfdb40b488f837b46d090b113f88379bb877191258ada8c07c04d285f9a |
memory/5616-278-0x000000001BCA0000-0x000000001BCB0000-memory.dmp
memory/5616-280-0x00007FFC9DA50000-0x00007FFC9E511000-memory.dmp