lumma | hxxps://improvisersmissionjuw[.]fun/api

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://improvisersmissionjuw.fun/api

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://improvisersmissionjuw.fun/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
5036	msedge.exe
5036	msedge.exe
2948	identity_helper.exe
2948	identity_helper.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3984	5036	msedge.exe	86
PID 5036 wrote to memory of 3984	5036	msedge.exe	86
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 2404	5036	msedge.exe	88
PID 5036 wrote to memory of 3160	5036	msedge.exe	87
PID 5036 wrote to memory of 3160	5036	msedge.exe	87
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89
PID 5036 wrote to memory of 2992	5036	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://improvisersmissionjuw.fun/api
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba97846f8,0x7ffba9784708,0x7ffba9784718
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4906007284361217634,17495110996282115808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
16a87928da68635803325e025a022928

SHA1
b7a98739a5f10af1e2a78d02ca8457f6351d103b

SHA256
b139179b1c857beb566bcf08c974436501503591a442ab780e556e7603f4ec63

SHA512
8a1b796aa0f05680ec37e8f2bddbe7391912dc2b5efb5e6553bb434bb5b15a83f8affb5e94e4d21e630481a4fa8c04d7ce30dc4175140a69a78bfea7c8e6382c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
566B

MD5
cf2178cca09c9be07f4144b8524a3bd0

SHA1
df985cff2d1e123439c2c8c08ef27c29bf4d4b05

SHA256
2e0c8aee5edd79449fa59807fcedb30c73c266d491b81a7c56005afab1041613

SHA512
7a1a629034974ea18aff92d64541b7c9a5b695a0f71266899a9a08a596d2d015d2b24c8f25d807659ae8c011bbdca131ef651532a6e90f3674c5c9302b07861b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eadc7170b7290a95c860571c785cd835

SHA1
21347912ebec8018f2662f527824a4473e62d284

SHA256
369d2e3baf685e7ad576d9b5c53c5c7873b5371eca5a15984170e68b5f33e0ce

SHA512
22cc7f3ce3403437a1d74a12773cb0461e8402b6f7c09a1b5b5915d8478583e69f38bf21d56769c77b5f8dc77725a06f2add66d4fa63b3649e9ce7b8437b774e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b06fea85076599802f4b05da0737199e

SHA1
151f42b5f58e18e5f1584986a02e065839551c9e

SHA256
05e236a2e2bc6d7179a620368e5b1f74e3391bd01bd2f5d92b775460477101e1

SHA512
6d623e3220aa4fca3b47e56ed70563ea6bd9e94b8d10b3abeb3f4edd2a2e2ce7f2dc125179474b328a96f799922d20a8147ec494eb651f744e70128ab9b119aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
579f7238aa82c42647abeda6c60428b4

SHA1
d1887d0eee07c8f380719fb0848f96a3fac19e32

SHA256
2b353e9705a804b9552e4fd46979eba6d0ae19b3cac867a04dde5fc097c1c1a4

SHA512
2049d908a0d10db6e1d91fcc3d21cc2d3edb933b3496992b4cca9ac90e6da2056120d220dc34c0dd0f19597d60dd6d24f7d2827c7d45179ede8d0879143d0434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4034b03f53962f424dc7b7c52dc5c2ad

SHA1
0c3f1f27ca63feee139c433c82329a1b6619e7b2

SHA256
df4bc3878c7c80a46c433df51006a92b5ff45d7296b0f01c99366c14fa360e4d

SHA512
e8281307bfae498006cc1a785bd1b667f451f327bf893ae3143e6740fde1708e91d93d217907aa0cb5cb3d2ffbc30bcf1f10aafa3ef4f903dc5b56f077225bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3f5a611f3121eced8dea0f14a27cbeaa

SHA1
81b13626c1dde45dbd242d66a7eeb2851f1402b4

SHA256
357d70226b43ab6eba9763007853eb2470e3cddd1a0dd7ff6cb4705a63202111

SHA512
9a5172c85411dcaca446ba2b003d68c0ea21a284ad40e3a5782b58324b41bf6e4c6e3c3eabbd2f90ce9a4450fbe93d68e4aa68db74669d1cc372f1a66905d04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ff0635a27809c9c6528776c94c0de95b

SHA1
8458ae77fcf94669274b47cdce9fca9ad7967eb4

SHA256
b5af77de5c3718bfb65ed53fcf3c3d624463eb9bbf02618ac27d743215299bc3

SHA512
ec6007ee8cfa0094ee07522f6867b1b17f3361c3f3a8eb47359960a113caf9063f6969b45cd936c74536ba5b0848382c6a0bf8295ba5c010b6122ade2958e7cd

Download Submit