Analysis Overview
Threat Level: Known bad
The file https://bazaar.abuse.ch/download/7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e/ was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Executes dropped EXE
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-05 22:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-05 22:29
Reported
2024-09-05 22:31
Platform
win10v2004-20240802-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Discord RAT
Executes dropped EXE
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bazaar.abuse.ch/download/7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0d7746f8,0x7ffa0d774708,0x7ffa0d774718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\" -spe -an -ai#7zMap27390:190:7zEvent2548
C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe
"C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe"
C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe
"C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12608955915706892052,5148738657484746329,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6328 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.130.49:443 | bazaar.abuse.ch | tcp |
| US | 8.8.8.8:53 | 49.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.27.99:443 | www.google.com | tcp |
| NL | 142.250.27.99:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 97.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.27.250.142.in-addr.arpa | udp |
| NL | 142.250.27.99:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 94.102.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.130.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 162.159.130.234:443 | gateway.discord.gg | tcp |
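The chain this report documents is: Edge downloads the archive from bazaar.abuse.ch, 7zG.exe extracts it into a new directory under Downloads, the extracted EXE is launched from that directory and requests SeDebugPrivilege, and the host then resolves and connects to gateway.discord.gg. Most other signature rows here (the BIOS registry queries, EnumeratesProcesses, NtCreateUserProcessBlockNonMicrosoftBinary, the 7zG.exe privilege requests) are attributed to msedge.exe, identity_helper.exe or 7zG.exe, so a triage rule should key on the sample process rather than on the signature names alone. The Python below is an added example, not part of the sandbox report or its tooling: it correlates that chain over a list of endpoint events. The event records are constructed to mirror the report's tables; the pids, timestamps and the attribution of network events to a pid are assumptions (the Network table above has no process column).

```python
"""Correlate archive extraction -> dropped EXE -> SeDebugPrivilege -> Discord
gateway traffic from a list of endpoint events.

Added example; the events in sample_events() are constructed to mirror this
report's tables. Pids, timestamps and per-pid network attribution are assumed."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE = "7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e"
DOWNLOADS = r"C:\Users\Admin\Downloads"
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe", "chrome.exe", "firefox.exe"}
DISCORD_DOMAINS = {"gateway.discord.gg", "discord.com", "discordapp.com"}
# 7-Zip output-directory switch, quoted (x -o"C:\dir\" ...) or bare (x -oC:\dir ...)
SEVEN_ZIP_OUT = re.compile(r'\s-o(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')


@dataclass
class Event:
    ts: float          # seconds after detonation start (constructed)
    kind: str          # "process" | "privilege" | "dns" | "tcp"
    pid: int
    image: str         # image path of the acting process
    cmdline: str = ""  # kind == "process"
    detail: str = ""   # privilege name, or "ip:port" for tcp
    domain: str = ""   # kind in ("dns", "tcp")


@dataclass
class Finding:
    pid: int
    image: str
    reasons: list[str] = field(default_factory=list)


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def extraction_dir(cmdline: str) -> str | None:
    """Output directory of a 7-Zip extract command, lower-cased, no trailing backslash."""
    m = SEVEN_ZIP_OUT.search(cmdline)
    if not m:
        return None
    return (m.group("quoted") or m.group("bare")).rstrip("\\").lower()


def correlate(events: list[Event], window: float = 300.0) -> list[Finding]:
    """One Finding per non-browser process that started from a directory 7zG.exe
    extracted into within `window` seconds and then did at least one more suspicious
    thing: requested SeDebugPrivilege or talked to a Discord endpoint."""
    extracted: dict[str, float] = {}      # extraction dir -> time of the 7zG.exe launch
    findings: dict[int, Finding] = {}
    for e in sorted(events, key=lambda e: e.ts):
        name = _basename(e.image)
        if e.kind == "process":
            if name == "7zg.exe":
                d = extraction_dir(e.cmdline)
                if d:
                    extracted[d] = e.ts
            elif name not in BROWSER_IMAGES:
                parent = e.image.rsplit("\\", 1)[0].lower()
                for d, t in extracted.items():
                    if parent.startswith(d) and 0.0 <= e.ts - t <= window:
                        findings[e.pid] = Finding(
                            e.pid, e.image, [f"started from 7zG.exe extraction dir {d}"])
            continue
        f = findings.get(e.pid)
        if f is None:
            continue                      # browser/archiver noise: not a dropped EXE
        if e.kind == "privilege" and e.detail == "SeDebugPrivilege":
            f.reasons.append("requested SeDebugPrivilege via AdjustPrivilegeToken")
        elif e.kind in ("dns", "tcp") and e.domain.lower() in DISCORD_DOMAINS:
            f.reasons.append(f"{e.kind} to Discord endpoint {e.domain} {e.detail}".rstrip())
    return [f for f in findings.values() if len(f.reasons) > 1]


def sample_events() -> list[Event]:
    """Constructed event stream mirroring the report's process, signature and network tables."""
    edge = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    zipper = r"C:\Program Files\7-Zip\7zG.exe"
    exe = "\\".join([DOWNLOADS, SAMPLE, SAMPLE + ".exe"])
    return [
        Event(0.0, "process", 1001, edge,
              f'"{edge}" --single-argument https://bazaar.abuse.ch/download/{SAMPLE}/'),
        Event(4.0, "dns", 1001, edge, domain="bazaar.abuse.ch"),
        Event(5.0, "tcp", 1001, edge, detail="151.101.130.49:443", domain="bazaar.abuse.ch"),
        Event(20.0, "process", 1002, zipper,
              f'"{zipper}" x -o"{DOWNLOADS}\\{SAMPLE}\\" -spe -an -ai#7zMap27390:190:7zEvent2548'),
        Event(21.0, "privilege", 1002, zipper, detail="SeRestorePrivilege"),  # normal for an archiver
        Event(30.0, "process", 1003, exe, f'"{exe}"'),
        Event(31.0, "privilege", 1003, exe, detail="SeDebugPrivilege"),
        Event(35.0, "dns", 1003, exe, domain="gateway.discord.gg"),
        Event(36.0, "tcp", 1003, exe, detail="162.159.130.234:443", domain="gateway.discord.gg"),
        Event(40.0, "tcp", 1001, edge, detail="142.250.27.99:443", domain="www.google.com"),
    ]


if __name__ == "__main__":
    for f in correlate(sample_events()):
        print(f"pid {f.pid} {f.image}")
        for r in f.reasons:
            print("  -", r)
```

Run as a script it reports the single dropped EXE with four reasons (launch from the extraction directory, SeDebugPrivilege, DNS and TCP to gateway.discord.gg); Edge's own bazaar.abuse.ch and www.google.com traffic and 7zG.exe's SeRestorePrivilege request are ignored, which is the point: Discord traffic or a privilege request on its own is not the signal, the sequence is.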
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2dc1a9f2f3f8c3cfe51bb29b078166c5 |
| SHA1 | eaf3c3dad3c8dc6f18dc3e055b415da78b704402 |
| SHA256 | dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa |
| SHA512 | 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25 |
\??\pipe\LOCAL\crashpad_2372_NVPOIFAWBYBOYKNI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e4f80e7950cbd3bb11257d2000cb885e |
| SHA1 | 10ac643904d539042d8f7aa4a312b13ec2106035 |
| SHA256 | 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124 |
| SHA512 | 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | afd4ea82dc138058b4e13977475dfe08 |
| SHA1 | 22fc9573c025ff5e0cb4c3b6a615ff82b15301e6 |
| SHA256 | 20db758033e05861ee020193ed3a5b4e4822d039a33ede1f4489d75359df025e |
| SHA512 | aa48b8682fa6a3ddbba7cb5742b131fa2aa299e2780fda14ceb4061351c23878c31346ae424397a5b9f54b93242be3574c439061642b86473fb231d0078fb03f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | e7226392c938e4e604d2175eb9f43ca1 |
| SHA1 | 2098293f39aa0bcdd62e718f9212d9062fa283ab |
| SHA256 | d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1 |
| SHA512 | 63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4815f22fa2a642a20077952c8b1c5017 |
| SHA1 | 9b75872b645780bb0c4797ba659dc216a62301a5 |
| SHA256 | 501a14d127a3ffa295bd2e27d1da38bab5050172ed813e3eb7a0435a076f3c70 |
| SHA512 | ea9fa46f495fbc5ef620b57f2c27813877964439785dd3f4f90a45fe97b75eca755d40b1d6f44df8bc6267638bf9b7dae0507e755472d6c1a902b266544f1f31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 83886a8a696bd07d5a14edfaa0793ee4 |
| SHA1 | df7a7a65de2f81c826299710821b5659f32b0e6b |
| SHA256 | 3d6b8b2832c189a215690677317895002ec0ea15bc66862037b888ec11cab3db |
| SHA512 | 5134102196b3cf115bf4793dfab01a398d3b3002be065a561a7888204ede3f99cd29d8a382977d797ec0c1bef3ecfbbdade1717d9978adbfed53605480a93a8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 767fdc92b6c4461124bd8b209b529a49 |
| SHA1 | 29cdb1ae8c0a0f1e2b55eb6413ce310c0c96247d |
| SHA256 | 85d73b523f9e8db01ee25e076b0f3644990885c3c0c74b23fd3f9d3f1ad0d8b3 |
| SHA512 | 04db31590776bb64f9e88ddaaf67a93b33d7517f64d014152ebd2a899363a3f92bda6725f68dd854d7a06940b1d06aef12880a320207925850247f0c605d965a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d63e2136505316c449122d7663e3a91c |
| SHA1 | 241d7fbc6565e01ace82eee3980747db43f1df86 |
| SHA256 | 9ed4d0432713d3041bf0fa0e8d5dd93ec6e5528f12b2114fa38c7244ff8afd4b |
| SHA512 | f351d03d6b5831c642b31bd1ced8e2c5491fec9a5aecc1ccb5272df6a049c2b5daebf316f3550dc1ad5a7fcbeaf5ed0e4e04a2e8d37470b238457ab43e1f9541 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | be08514fbbb17f2d5e9acc2e0522014f |
| SHA1 | a4befdbcb39b9671da5f8b7f18dbea38a8b42c06 |
| SHA256 | c1827a367377046d14ed4ed0bd38d9edbbd297cd7feb683c55446728fefd714c |
| SHA512 | b17995f913ae0910e53f182bd9fe7dbdb08583261570b666104ced0e1541a14a8ca015f87507f32930770615a67eea9b4f6fbbf7cd0efca4fb916179f1d8dd31 |
C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.zip
| MD5 | 645437b685db954ab24695726ab9912a |
| SHA1 | 058357f7fe64adf945e1404969076a84bc41b559 |
| SHA256 | e27a918435c4210ac6b17da6dda9b9dfc7f1a9b86388d88ce11d9241781c32c6 |
| SHA512 | efac60ef1a596756b7fb13cdaacf034b8db56ad254732752aca8b3d4b06dd6e65e02257e5a11e51aff055f1df38aed0f8f5a18ef90bcd51febd3e606c473488c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c910b54e6bf97b8113b40ffff3505f9c |
| SHA1 | b55514aba052635bc1f9478272ffcc66c32d1eaa |
| SHA256 | dfa9b77bf7510494c7ae09ef304966173fb950cb9896c2695617a192a7fc1ddd |
| SHA512 | adf72db99cb9ef5309bca685ec8239fd5547c4fff490ed8079bd2197ecd1c87c2d91423dc167afc4b2ef40713f294427f23357a6336cbe4da3527b003ad32188 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 488f24b790c861a971335407408cfdb0 |
| SHA1 | 9dc0f1be78a6b1b96c244d1ad1bbdf90d504c527 |
| SHA256 | 9d5cf3efb49a7162866d800ce026c362ce8a788d79dbd7d337923a62ae9fd60a |
| SHA512 | 58aab3b057dbbead46caf3be5c79b19aa141eea7d0f1d7e807191b06fc29c4e1c4b9b354d1068667f61e10f34c2e7687890fbb17d0ab944489ae3a47c4ff19db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59065f.TMP
| MD5 | 010d090f21c366ca57e5a05cf914f095 |
| SHA1 | e92b68f720daa02f57c56e091007b32c67c0c4a1 |
| SHA256 | 6eea85b6cbf06e265403ce3ec575641fb3d0f0064a2366650d1d4a14b756e4da |
| SHA512 | c88bdb68a1ce0e50bfe012db7f59ac0652b5f4429b0112bfbb6592e05ae9d23c6c5e08d86f81df48f81867b7bbc3413b5c1b6cd823452ca3782d02d69568b895 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fdff7ede4971ee6ecff1003d4d49dcc3 |
| SHA1 | 6c2901b06dc2e84307f413c2eb1e7c6588bbac47 |
| SHA256 | 6077cd0e64bfa55f53031b4802360f9be28666ff747b3928efbe37b70c399ad1 |
| SHA512 | 3feff131207b94044c3711abcab908979b14defa361f38acfcea2911efcbd14e56f01389f35342c93d9fb93a4bef565fb849489be2003fa8ed9cbf13a3d778b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 880a510ccfb5defbc817a512e0c1f270 |
| SHA1 | 37bfaec125e3738e8068f5c028fd53a6ea75d186 |
| SHA256 | 7434dbf46dd4c740ffe2a25ebd8ac08f24917678fb1b072821ae02ca947ff347 |
| SHA512 | 32dfef478eeec4e66c1a584c8f60d83ecf10a90ac99235b4ec0108e2f9d12b1654e12b7fbff064cf4d8457b82c110fa0f8b2b4bd132e7b3a376a7bda2e08bd05 |
C:\Users\Admin\Downloads\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e\7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e.exe
| MD5 | e90737cd3bfe5407b6a79c0cd491a2fe |
| SHA1 | 5bb9667c0f18fe6aa36b7a9c6035110a5efbb541 |
| SHA256 | 7388c664fecd46ba3176b1e55a873b5aff6d0713144ee3431f2269af4bb1868e |
| SHA512 | 85c4be4deb507525b5c78df9d029d2fc7805f1bab2978cabdf541b2f24bbc32a8b310553a0802a8768673ca08cf4adf1938659cda95019b571c54a8815bd50b1 |
memory/3968-248-0x00000139549E0000-0x00000139549F8000-memory.dmp
memory/3968-249-0x000001396F030000-0x000001396F1F2000-memory.dmp
memory/3968-250-0x000001396F970000-0x000001396FE98000-memory.dmp
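The three memory-dump entries above follow the pattern memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp, which encodes the virtual address range of each dumped region. The Python below is an added example, not part of the report or the sandbox's tooling: it parses those names, checks that the ranges are page-aligned and non-empty, and summarises sizes, totals and overlaps per pid. The three names are copied from the Files section; the report does not state which of the listed processes pid 3968 is, and the code does not assume it.

```python
"""Parse sandbox memory-dump names of the form
memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp and summarise the regions.
Added example; REPORT_DUMPS is copied from the report's Files section."""
from __future__ import annotations

import re
from dataclasses import dataclass

DUMP_NAME = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp"
)
PAGE = 0x1000  # x64 Windows page size; region bounds are expected to be page-aligned


@dataclass(frozen=True)
class Region:
    pid: int
    idx: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> Region:
    """Decode one dump name; reject names that are malformed, empty or misaligned."""
    m = DUMP_NAME.fullmatch(name)
    if m is None:
        raise ValueError(f"not a memory-dump name: {name!r}")
    r = Region(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))
    if r.size <= 0 or r.start % PAGE or r.end % PAGE:
        raise ValueError(f"bad address range in {name!r}")
    return r


def summarise(names: list[str]) -> dict[int, dict]:
    """Group dumps by pid: (start, end, size) per region in address order,
    total bytes captured, and how many regions overlap their predecessor."""
    regions = sorted((parse_dump_name(n) for n in names), key=lambda r: (r.pid, r.start))
    out: dict[int, dict] = {}
    prev: Region | None = None
    for r in regions:
        entry = out.setdefault(r.pid, {"regions": [], "total_bytes": 0, "overlaps": 0})
        entry["regions"].append((hex(r.start), hex(r.end), r.size))
        entry["total_bytes"] += r.size
        if prev is not None and prev.pid == r.pid and r.start < prev.end:
            entry["overlaps"] += 1
        prev = r
    return out


REPORT_DUMPS = [
    "memory/3968-248-0x00000139549E0000-0x00000139549F8000-memory.dmp",
    "memory/3968-249-0x000001396F030000-0x000001396F1F2000-memory.dmp",
    "memory/3968-250-0x000001396F970000-0x000001396FE98000-memory.dmp",
]

if __name__ == "__main__":
    for pid, s in summarise(REPORT_DUMPS).items():
        print(f"pid {pid}: {len(s['regions'])} regions, {s['total_bytes']} bytes, {s['overlaps']} overlaps")
        for start, end, size in s["regions"]:
            print(f"  {start}-{end}  {size:#x} ({size} bytes)")
```

For this report the three regions are 0x18000, 0x1C2000 and 0x528000 bytes (about 7.0 MiB in total) with no overlaps; the region sizes are what you compare against the dropped file's on-disk size when deciding whether a dump is likely to contain an unpacked or decrypted payload worth carving.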