Analysis Overview
SHA256
b4d41cf83f3d337de9166ad65ef9bc7cff2c35191ab0538109fffbbc82c7d53e
Threat Level: Shows suspicious behavior
The file PrismLauncher-Windows-MinGW-w64-Portable-8.4 (1).zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Modifies file permissions
Checks computer location settings
Detected potential entity reuse from brand microsoft.
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-02 16:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 16:10
Reported
2024-07-02 16:14
Platform
win7-20240508-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-02 16:10
Reported
2024-07-02 16:14
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link?otc=8VGRJ24A
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb37c46f8,0x7ffcb37c4708,0x7ffcb37c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13840731044744909840,1041054733758823215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
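The process list above is where the report's "Modifies file permissions" and "Detected potential entity reuse from brand microsoft" signatures come from: icacls.exe grants `everyone` Modify with (OI)(CI) inheritance on C:\ProgramData\Oracle\Java\.oracle_jre_usage, prismlauncher.exe and JavaCheck.jar run from the user's Temp directory, and msedge.exe is started with a www.microsoft.com/link URL. The following script is an added example, not part of the sandbox report or of Prism Launcher: it triages command lines of this shape, parsing the icacls grant into principal, inheritance flags and rights and tagging ACEs that make a path world-writable. The sample command lines are copied from the Processes list; the finding tags, the principal and rights sets, and the browser list are this script's own assumptions.

```python
"""Triage of sandbox process command lines (added example, not report output)."""
import re

# Constructed sample: command lines copied from the behavioral2 Processes list.
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe"',
    r'"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar',
    r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link?otc=8VGRJ24A',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
]

# Per-user temp directory with either separator (the JAR path in the report uses '/').
TEMP_RE = re.compile(r'(?i)[\\/]AppData[\\/]Local[\\/]Temp[\\/]')
# icacls grant syntax: /grant[:r] principal:[(OI)(CI)...]rights
ICACLS_GRANT_RE = re.compile(r'(?i)/grant(?::r)?\s+"?(?P<principal>[^":]+)"?:(?P<spec>\S+)')
INHERIT_RE = re.compile(r'\((OI|CI|IO|NP|I)\)')
URL_RE = re.compile(r'https?://\S+')

# Assumed: principals whose write ACE makes a path effectively world-writable.
BROAD_PRINCIPALS = {'everyone', '*s-1-1-0', 'users', 'builtin\\users', '*s-1-5-32-545',
                    'authenticated users', '*s-1-5-11'}
# Simple rights F/M/W plus the specific and generic rights that confer write access.
WRITE_RIGHTS = {'F', 'M', 'W', 'WD', 'AD', 'WDAC', 'WO', 'GW', 'GA'}
BROWSERS = ('msedge.exe', 'chrome.exe', 'firefox.exe', 'iexplore.exe')


def image_path(cmdline):
    """Executable path: the quoted first token, otherwise everything before the first space."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(' ', 1)[0]


def parse_icacls_grant(cmdline):
    """Parse the first /grant clause into principal, inheritance flags and rights."""
    m = ICACLS_GRANT_RE.search(cmdline)
    if not m:
        return None
    spec = m.group('spec')
    return {
        'principal': m.group('principal').strip().lower(),
        'inherit': INHERIT_RE.findall(spec),
        'rights': INHERIT_RE.sub('', spec),
    }


def grants_broad_write(grant):
    """True when a broad principal receives any right that allows writing."""
    rights = {r.strip().upper() for r in grant['rights'].strip('()').split(',')}
    return grant['principal'] in BROAD_PRINCIPALS and bool(rights & WRITE_RIGHTS)


def triage(cmdline):
    """Return finding tags for one command line (empty list means nothing notable)."""
    findings = []
    image = image_path(cmdline)
    name = image.rsplit('\\', 1)[-1].lower()
    if TEMP_RE.search(image):
        findings.append('image-in-user-temp')
    elif TEMP_RE.search(cmdline):
        findings.append('argument-in-user-temp')
    if name == 'icacls.exe':
        grant = parse_icacls_grant(cmdline)
        if grant and grants_broad_write(grant):
            findings.append(f"world-writable-acl:{grant['principal']}:{grant['rights']}")
    # A browser started with a URL (not a --type= helper process) records where the
    # sample sent the user; the report flags this launch as brand reuse of microsoft.
    if name in BROWSERS and '--type=' not in cmdline:
        m = URL_RE.search(cmdline)
        if m:
            findings.append('browser-opened-url:' + m.group(0))
    return findings


def triage_all(cmdlines):
    """Map each command line that produced findings to its finding tags."""
    return {c: f for c in cmdlines if (f := triage(c))}


if __name__ == '__main__':
    for cmd, tags in triage_all(SAMPLE_CMDLINES).items():
        print(', '.join(tags), '<-', cmd)
```

The (OI)(CI) flags mean the Modify grant propagates to every file and subdirectory created under the path, so any local account can later replace what Java writes there; whether that matters depends on what else reads from that directory, which this report does not show.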
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i18n.prismlauncher.org | udp |
| US | 185.199.108.153:443 | i18n.prismlauncher.org | tcp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prismlauncher.org | udp |
| DE | 3.70.101.28:443 | prismlauncher.org | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| BE | 23.14.90.74:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 28.101.70.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| SE | 40.126.53.18:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 18.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 8.167.79.40.in-addr.arpa | udp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 198.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
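Most rows in the Network table are reverse (in-addr.arpa) lookups of addresses that were just contacted and one mDNS packet, which hide the handful of hosts the sample actually connected to: prismlauncher.org and i18n.prismlauncher.org over TLS, e6.o.lencr.org (a Let's Encrypt OCSP responder hostname) over cleartext port 80, and the Microsoft login, CDN and telemetry hosts opened by Edge. The script below is an added example, not part of the sandbox report: it parses rows of this table format, buckets them into resolver noise versus real connections, and lists the endpoints per domain. The sample rows are copied from the table; the parser also tolerates a row whose Domain cell is missing so that the protocol shifts one column left, a shape this kind of export can produce. Bucket names are this script's own.

```python
"""Classification of a sandbox network table (added example, not report output)."""
from collections import Counter

# Constructed sample: a subset of rows from the behavioral2 Network table, plus one
# malformed row (no Domain cell) of the kind the raw export can contain.
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i18n.prismlauncher.org | udp |
| US | 185.199.108.153:443 | i18n.prismlauncher.org | tcp |
| DE | 3.70.101.28:443 | prismlauncher.org | tcp |
| BE | 23.14.90.74:80 | e6.o.lencr.org | tcp |
| SE | 40.126.53.18:443 | login.microsoftonline.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
"""

PROTOS = ('tcp', 'udp')


def parse_rows(table):
    """Parse pipe-delimited rows into dicts; tolerate a row whose Domain cell is missing."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().split('|')][1:-1]
        if len(cells) < 4 or cells[0] == 'Country':
            continue
        country, dest, domain, proto = cells[:4]
        if proto == '' and domain in PROTOS:   # "| N/A | 224.0.0.251:5353 | udp | |"
            domain, proto = '', domain
        ip, _, port = dest.rpartition(':')
        rows.append({'country': country, 'ip': ip, 'port': int(port),
                     'domain': domain, 'proto': proto})
    return rows


def classify(row):
    """Bucket a row: resolver noise versus connections the sample actually made."""
    if row['ip'] == '224.0.0.251' and row['port'] == 5353:
        return 'mdns'
    if row['port'] == 53:
        return 'dns-ptr' if row['domain'].endswith('.in-addr.arpa') else 'dns-query'
    if row['port'] == 443:
        return 'tls'
    if row['port'] == 80:
        return 'http-cleartext'
    return 'other'


def summarize(rows):
    """Count rows per bucket and list the distinct endpoints contacted per domain."""
    kinds = Counter(classify(r) for r in rows)
    contacts = {}
    for r in rows:
        if classify(r) in ('tls', 'http-cleartext', 'other'):
            key = r['domain'] or r['ip']
            contacts.setdefault(key, set()).add(f"{r['ip']}:{r['port']}/{r['proto']}")
    return {'kinds': dict(kinds), 'contacts': {k: sorted(v) for k, v in contacts.items()}}


def noise_fraction(rows):
    """Share of rows that are reverse (PTR) lookups or mDNS rather than connections."""
    if not rows:
        return 0.0
    noisy = sum(classify(r) in ('dns-ptr', 'mdns') for r in rows)
    return noisy / len(rows)


if __name__ == '__main__':
    rows = parse_rows(SAMPLE_TABLE)
    summary = summarize(rows)
    print(summary['kinds'], f"noise={noise_fraction(rows):.0%}")
    for domain, endpoints in summary['contacts'].items():
        print(domain, endpoints)
```

Running it on the full table gives one line per contacted host with its resolved addresses and ports, which is the list an analyst compares against what the application is expected to talk to; the port-80 row stands out only because it is the single cleartext connection in the capture.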
Files
memory/1904-0-0x00007FF7017D0000-0x00007FF702485000-memory.dmp
memory/1904-1-0x00007FFCB8620000-0x00007FFCB8C43000-memory.dmp
memory/1904-3-0x00007FFCB7870000-0x00007FFCB7BA3000-memory.dmp
memory/1904-4-0x00007FFCB7E80000-0x00007FFCB861E000-memory.dmp
memory/1904-8-0x00007FFCCCD40000-0x00007FFCCCD6D000-memory.dmp
memory/1904-7-0x00007FFCC8560000-0x00007FFCC859A000-memory.dmp
memory/1904-6-0x00007FFCBF310000-0x00007FFCBF371000-memory.dmp
memory/1904-5-0x00007FFCB8620000-0x00007FFCB8C43000-memory.dmp
memory/1904-2-0x00007FFCB7BB0000-0x00007FFCB7D83000-memory.dmp
memory/1904-17-0x00007FFCB4940000-0x00007FFCB4954000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\prismlauncher.cfg
| MD5 | a6dc16331f06bc5831e5ddc9799284ec |
| SHA1 | d344f83d549df8c3e2c959182ba37f8c81d885a5 |
| SHA256 | 9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807 |
| SHA512 | 43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14 |
C:\Users\Admin\AppData\Local\Temp\prismlauncher.cfg.lock
| MD5 | 98fc98abd38cf5c7c25d8a80467f2800 |
| SHA1 | e72201511bc82550f0221e4745a8b6dfca97a9bd |
| SHA256 | 49993d4ab763217a170ec9c0fe44375774b08574df2b0f8787f9b9cf75f5a3b8 |
| SHA512 | 88d688c2697eec6c22b8f945c35df974525d67790bbf85392db0cf91d27cc5233c4a0712d8ca45d51605063a45ce226a0877927c9c95d1f6310e735b9a90066b |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 65da1f88185d3338a03e1522cd07fc5a |
| SHA1 | 62582fdca52d770342f9a991b359e2d0d4b6e85c |
| SHA256 | 20e59ed60a380e56cae946844ec8e31fa3bb9725503a182ef0a5774fece88f88 |
| SHA512 | 6c7e5bcd6c4453ce7817d38d6788c22c93d8e4c1f87a0e97033d348b9a5016d89c04f5fdc603a187917bb5234dac687c6516d48ac51bff5dacadf54079145eb4 |
memory/4772-87-0x0000020A2EF10000-0x0000020A2EF11000-memory.dmp
memory/3404-86-0x000001B544880000-0x000001B544881000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | a2769af9b5c61d3ca2d8529c32fb712d |
| SHA1 | 3619859d08489323d3edab7cb5745e866841cfb5 |
| SHA256 | 7cd1e95e717f2c8e532875da83841007896aa04e325d5aa12c4ee85a9ecf8db9 |
| SHA512 | 88c8ec1b63214a5505135a4d1eb38ca9f78175a5dc5addccb4527e8a87505f121c916d0f40b4ec43cc2cc740a9d55ebc115531c581b17a335a81c2d58d631ece |
memory/3792-89-0x0000017CE31C0000-0x0000017CE31C1000-memory.dmp
memory/4648-88-0x000001671DD80000-0x000001671DD81000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 5dbfade63b0f48b8c1fb761e9233d04c |
| SHA1 | a2e288e4c60275eadc64d8909410485c484c21b9 |
| SHA256 | 1faab8e056037bc9a9b4e55826482f827e74f980df94ff01cd865dd2bf4c6d5d |
| SHA512 | 38561975bbb3c0403bd5f48a324d8cfd6159c31fe5818bf4b0c95e21d7c260ee820dae644d276c0a7b25f1398f3f9ffcd004a371abe7e6071f54822543ad2123 |
memory/3920-106-0x00000236CCD00000-0x00000236CCD01000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_3892_UBYHXUKUGXSTSDJX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 92c8ca9d0fc8ce4d2e05753728ab3616 |
| SHA1 | 8a09138b044562cb5b04e7c1f42f6155463fd1ff |
| SHA256 | a77beb5f7c221808154a25b9b8ab4d54327426611bf42e1c5bec15cae7510adc |
| SHA512 | b4af288f08e6ea562cbaa5be1d9e93d2eba19a13a2c024d6bd05a9dbbe567352bce59192ce5ea258f278215f61a8e432e476fe6510e78e25de3a1b945634c7e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 75f75ec4491a843c7ec1a36dab5ef0e2 |
| SHA1 | 43b55f9c9c253a7f581969289cd2f25ac88fa2d3 |
| SHA256 | a3c6be8148e24b6b3cfb21fde5dbec0814b9620d2eeeaebc4993bfe61c9dd8d9 |
| SHA512 | 1ba422d6d051e6e8f9a02d71088ec2d3478163d9b30ce38088de7ec648113270e48ec9ff12a223a167cf595d0cab3444c6dae89d32f5735261f01a15fc20de16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 06d91881147cc2fc4a910b2505812998 |
| SHA1 | 0d3e709d8fac47635ae9678949dfe336454e1fe0 |
| SHA256 | 617c28afa2ae9b33c158f926a9c35155e8b1303fa155987b219d8253d752fef5 |
| SHA512 | d910657bfe66bff5078e265e54e49d5fd4020435627e0ae15a1fbcfab480ce5a57517798b674357baf875299742a04eb88d19c60a81650cadfc198900ee6df3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5845af.TMP
| MD5 | 3c73f359101108398780d1de1c99af61 |
| SHA1 | 16f0cb16723bc89daeb29a2822a05719129f59a1 |
| SHA256 | 39542b194adbe7f1cb13d7f09096d04d8b64d4a450ba8167d9d77a50deac4101 |
| SHA512 | 85b68db385b58397750f85d84db750da1d733af8b1934bfb6839467c5b04b8c59a8094cf853f15cf321fae7cf1c41fd54280729a621e3d24fd563f5ee31a6ed2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 29b86157da71139ad4199d163598bb6f |
| SHA1 | ab7c03f31a26041c5e69c914c94c0c360b04ab88 |
| SHA256 | f0fb8ad98b9cda1200a6ad0b9dca833fc4aa2560b9eaf59d71383cdac29583da |
| SHA512 | 03cbd4af28d9421200d61a1e2eee6b87778b6b446e3a3625985cd7c400d9b2eb2b85e5e82901f77502f6da5ac90886363445567b4ec7f5760d6152798b0f8853 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c9597f701d011c72caaea13bc51710a3 |
| SHA1 | 9b33244f82c4c39d8d28f3f9bb50c760e326a6b2 |
| SHA256 | 1c509d868989412819b98932b62d722be4fd88be59341c7a0651737800dafe2f |
| SHA512 | 0965ca3b12a42c095f2196378eb986103e5a9aa501bcd58837e2d35d984d77697470d4f05b865fab04897bf88b938d8f19b5e5f9f16ced5a0879a45922299060 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6272d8efc5973258ec201d62917c7944 |
| SHA1 | 6ff8aa4629a9cbc9249574b78689ab74b605f91e |
| SHA256 | b5cbf9ca992092228e368efc7ce97a3e0e64d83700a1beb979807c98b6645809 |
| SHA512 | b011780bde18435aabe27de88c436dab58d640dbe3fb0a7ebc3d461efde86f98531a6bdca581b5e80d513148e7f273ef701af8c87fdd0c99d6df24c6b77a5573 |