Analysis Overview
Threat Level: Known bad
The file https://github.com/valinet/ExplorerPatcher/releases/download/22621.3007.63.3_1517de0/ep_setup.exe was found to be: Known bad.
Malicious Activity Summary
Detect Lumma Stealer payload V4
Lumma Stealer
Downloads MZ/PE file
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-21 21:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-21 21:38
Reported: 2024-02-21 21:43
Platform: win10v2004-20240221-en
Max time kernel: 114s
Max time network: 112s
Command Line
Signatures
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Lumma Stealer
Downloads MZ/PE file
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 430559.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 229215.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 504955.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/valinet/ExplorerPatcher/releases/download/22621.3007.63.3_1517de0/ep_setup.exe
Network
Files