Analysis Overview
SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
Threat Level: Shows suspicious behavior
The file MEMZ.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-11 06:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-11 06:55
Reported
2024-11-11 06:58
Platform
win11-20241007-en
Max time kernel
124s
Max time network
125s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected] | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\MEMZ.zip"
C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]
"C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]"
C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]
"C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]
"C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]
"C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]
"C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]
"C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]
"C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc49f13cb8,0x7ffc49f13cc8,0x7ffc49f13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1788 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc49f13cb8,0x7ffc49f13cc8,0x7ffc49f13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,3145324567595569133,16604325015628486310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.180.4:80 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7zO89DCD597\[email protected]
| MD5 | 19dbec50735b5f2a72d4199c4e184960 |
| SHA1 | 6fed7732f7cb6f59743795b2ab154a3676f4c822 |
| SHA256 | a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d |
| SHA512 | aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 051a939f60dced99602add88b5b71f58 |
| SHA1 | a71acd61be911ff6ff7e5a9e5965597c8c7c0765 |
| SHA256 | 2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10 |
| SHA512 | a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f |
\??\pipe\LOCAL\crashpad_1532_JGVNPHRDTLINXQFC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 003b92b33b2eb97e6c1a0929121829b8 |
| SHA1 | 6f18e96c7a2e07fb5a80acb3c9916748fd48827a |
| SHA256 | 8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54 |
| SHA512 | 18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0967bf4ea2b719687da818e2f5f16d28 |
| SHA1 | 52e23aab2db25a08281d064846247c1470df923f |
| SHA256 | 45eeb9bf5a306eb4ea47d80b2fb1d2a905ec92f593bc90b4a0fb622052330599 |
| SHA512 | a2b565b294ad7f168fa23e84480c1cab2f9201fba3b65023f5d3f1c2d9f007b678f3eb62ad66ca2241ec800248193a6963ca6e2c27dd7bb57a17d29a0b4e17dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fc0b9ac3d78a212196e8a1e5d27d7e0f |
| SHA1 | 805e10509362d26a07519e752d76355d2b1511d5 |
| SHA256 | e4cfd79c285e67073bb66231fdc4d6d1109836737ff9c1e9dc25e23c38c8c20d |
| SHA512 | db3dbb0386b4d1b992696b2024b78468f15d945beb0133bf8ecec221f99843f5372608904c82a70665402a596b200d95541ebcc34cd4fe8ae4c8a66d9b546039 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ad99d4a8538f489f260bb785dc3a830 |
| SHA1 | 09e6a6fd56190525fa9684797b9df0cfecec4819 |
| SHA256 | b88503b3b11b8e2a1265cb7846aa0b28dc3c4a8fb734ff38cb16e330f786bcc7 |
| SHA512 | 0f4044c1b4580020795ca2ffcd5df19ef40a883d24c988384429b1c220cd755d976dfbe9043427e978512c598bcf5a3275d393e44d0d3704becb68e407f344ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 10866187f5675415df2ed52c5e210c6d |
| SHA1 | 0fe4abc882bbd537acf4044d18e9afaa04ef2abe |
| SHA256 | 60b395b02f574c2fff532a0a4618e5e925ce7784e7473291d9f9c310d5442b8a |
| SHA512 | 6e0ddac3b131e9a059ef94934f38547bfc42e659e3c7ed2eac44f055e42607924c9c57f6fc29793bfd859a887e63727b0fdc156f34144911ee4f0e281581c648 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8a33ed26d9e3079df24288c85e9235a1 |
| SHA1 | 061ecf7086aed7f1d946fd4408aceca30724ca83 |
| SHA256 | 20847fbb08d78f3044d315938d568e65c14f7e446036a8814f3ea9d897cebec1 |
| SHA512 | 21da10fe5154372098c4033fc4acf5b31f85b427828c3832174b7026eaf6e642a07ce87038718658b032df73910118bb9e8a0b22fb054486cf77f3740be64843 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a3a5cca2e54003e7cc4781fa24da09c0 |
| SHA1 | cd70c79e1b4fb25538aa3a100086554e8fd3b542 |
| SHA256 | 4b0f740234627f7d2d2989ff7f636452cbc6f4df62bc5fe824ef25d2b3a2f5d8 |
| SHA512 | 0c7c3affab876c1abe94123a327234d43567c8734e0334eee71224514dfbf73c2e31416037867fc18f29e9bd593f8cf12b2a12c94799e18aaee6f76319476fac |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 0113ffc8573c06753aae15c98b7f0751 |
| SHA1 | 51d4030b440a718052441c75b403b6bb52ef3c73 |
| SHA256 | 1e093ef3935f1682417c4c535a3b3abcf858399b8715dda70e510edb7117848f |
| SHA512 | ce3e27a752c2a0e3fd6410066be5b8f2ddf753d19457807dabb89c89902ab34210cc2440f6d746b190c0a0ca6d4d41c38fbc4dea626ae202af1deb4ca17584a5 |
memory/448-168-0x0000000005940000-0x0000000005941000-memory.dmp
memory/448-169-0x0000000005940000-0x0000000005941000-memory.dmp
memory/448-170-0x0000000005940000-0x0000000005941000-memory.dmp
memory/448-174-0x0000000005940000-0x0000000005941000-memory.dmp
memory/448-176-0x0000000005940000-0x0000000005941000-memory.dmp
memory/448-179-0x0000000005940000-0x0000000005941000-memory.dmp
memory/448-180-0x0000000005940000-0x0000000005941000-memory.dmp
memory/448-177-0x0000000005940000-0x0000000005941000-memory.dmp
memory/448-178-0x0000000005940000-0x0000000005941000-memory.dmp
memory/448-175-0x0000000005940000-0x0000000005941000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b83b7932833539b1aad7898487db92b5 |
| SHA1 | eb9cabb933cc3ad91e8d7164a0fec479c3f7c039 |
| SHA256 | e8100fa5f98cf395e6c261716b07e93516df8a3caef9f67a082ce80103b64e8d |
| SHA512 | f3d43e8ef9fb7316d3dd21f2216daaedcdaf9d73e22ab488263a2886860d6ed5d191f3a57697eb3b7f0110c7e9402345efb1e1563522425b8395f13756b91ea1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4819b4f8ff7308540de36274fd7784af |
| SHA1 | cfea1e6e4033cb11ba16d399cb33f9f0d9798a89 |
| SHA256 | 91b1172cf9beb04729edebe1f9a1ca8bd092bcd684504996d8626344021d8672 |
| SHA512 | ae7fabfb572ba027281b4bf360647b55e8abc7da6cba163b802f264b40ed15b4e9d178817b8842d3b5c26a22f9505c224c8ec29338bf01a5f1360f9a7febd669 |