Analysis Overview
Threat Level: Known bad
The file https://mega.nz/file/HccTVRRR#vN0cUJcILuzE6ziZSDbruaGqr8fEbvJSNnbg_5N_3g4 was found to be: Known bad.
Malicious Activity Summary
Phemedrone
Reads data files stored by FTP clients
Executes dropped EXE
Reads user/profile data of web browsers
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Analysis: static1
Detonation Overview
Reported: 2024-06-28 12:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-28 12:16
Reported: 2024-06-28 12:21
Platform: win10v2004-20240508-en
Max time kernel: 330s
Max time network: 325s
Signatures
Phemedrone
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\lite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\lite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\lite.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 251678.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\lite.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\lite.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\lite.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/HccTVRRR#vN0cUJcILuzE6ziZSDbruaGqr8fEbvJSNnbg_5N_3g4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4804 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x428 0x2fc
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\lite.exe
"C:\Users\Admin\Downloads\lite.exe"
C:\Users\Admin\Downloads\lite.exe
"C:\Users\Admin\Downloads\lite.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\fruvan.exe
"C:\Windows\System32\fruvan.exe"
C:\Users\Admin\Downloads\lite.exe
"C:\Users\Admin\Downloads\lite.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7270962896693581004,355705968122558372,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.124.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 13.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | gfs204n071.userstorage.mega.co.nz | udp |
| NL | 185.206.24.31:443 | gfs204n071.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 31.24.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | 233.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 95.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\Downloads\lite.exe
| MD5 | 9957ff72b98d2fd3819a1c3a5bb7c266 |
| SHA1 | 27ee49406e1eaaf4ca84e9119baf83d79e199df3 |
| SHA256 | 103b15ed69b33225af3886c39dca69d542aba6907567bea4f4854a80fe9ca34e |
| SHA512 | 52e8cb098534a39b7ad5c251db05fed8b414012f824ced61ba6dd53e29cb8f08e870c19a74906112f2fa3ba60abfcd1d7f3170ac27481a918b1b818bebcb251c |