Resubmissions

  • 25-02-2024 20:08: 240225-ywzztsbg51 (score 10)
  • 25-02-2024 19:49: 240225-yj4r9aag68 (score 10)

Analysis

  • max time kernel
    212s
  • max time network
    222s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-02-2024 19:49

General

  • Target

    GENP4.2.exe

  • Size

    104.5MB

  • MD5

    52d11dbac46ec385e0a0860cc4f4d5ea

  • SHA1

    1f7ef23ae7036105f4408de7ad3d7ff32ca5d824

  • SHA256

    4e756fe5adb15ac6a8fff1a1c468e1335cdafd085fc749c177b3ad792a289cf5

  • SHA512

    2f2b218fccef32e743ed2fb9a1d40b99a8c75b5de3dcc315bd63cd4c5d825402aa41f1806d372ebd6d94668958b7f8d7b39bfbe600f8fe4b13a7efceb8f4d4e9

  • SSDEEP

    393216:v3zalStgJgk4BmIlKNTFhVDnE8xqq1qgi7AESG7AZ9bmqvg67Mbv6H:v3zalStzk4gIiTF3E8xqTSxZCLbvs

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://legatorypluralishrtw.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe
    "C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      2⤵
      PID:3448
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4044
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3992
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8701a46f8,0x7ff8701a4708,0x7ff8701a4718
      2⤵
      PID:480
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
      2⤵
      PID:2768
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3596
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
      2⤵
      PID:2788
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      2⤵
      PID:3828
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      2⤵
      PID:3584
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
      2⤵
      PID:4796
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
      2⤵
      PID:3712
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
      2⤵
      PID:2440
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
      2⤵
      PID:3560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
      2⤵
      PID:2284
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
      2⤵
      PID:4816
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
      2⤵
      PID:4088
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
      2⤵
      PID:3648
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 /prefetch:8
      2⤵
      PID:3336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5768 /prefetch:8
      2⤵
      PID:4736
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6312 /prefetch:8
      2⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:4536
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
      2⤵
      PID:4936
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
      2⤵
      PID:3124
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
      2⤵
      PID:212
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:548
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
      2⤵
      PID:4580
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
      2⤵
      PID:4320
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
      2⤵
      PID:2096
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2100
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2920
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3112
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2c8 0x2f8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4496
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3712

                                                      Network

                                                      MITRE ATT&CK Enterprise v15

                                                      Replay Monitor

                                                      Loading Replay Monitor...

                                                      Downloads

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                        Filesize

                                                        152B

                                                        MD5

                                                        9cafa4c8eee7ab605ab279aafd19cc14

                                                        SHA1

                                                        e362e5d37d1a79e7b4a8642b068934e4571a55f1

                                                        SHA256

                                                        d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

                                                        SHA512

                                                        eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                        Filesize

                                                        152B

                                                        MD5

                                                        3bde7b7b0c0c9c66bdd8e3f712bd71eb

                                                        SHA1

                                                        266bd462e249f029df05311255a15c8f42719acc

                                                        SHA256

                                                        2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

                                                        SHA512

                                                        5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                        Filesize

                                                        1KB

                                                        MD5

                                                        1a0a227239800895757ceb2eeae254e8

                                                        SHA1

                                                        c227cf2a03438ad9b20dd7683b5089586a831d7a

                                                        SHA256

                                                        869474e34ae43bfa31181590e34f4c1e03051dea8e6d3965b61dc2805cdc7921

                                                        SHA512

                                                        188904d00dd9d8c66cdc51ce169de2208b992394eeab2aa0cc186af4e631b3141d4660218b1db8513a588b0b393b010c2918a0d0c97d30aee53bda9817897ead

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                        Filesize

                                                        111B

                                                        MD5

                                                        285252a2f6327d41eab203dc2f402c67

                                                        SHA1

                                                        acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                        SHA256

                                                        5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                        SHA512

                                                        11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                        Filesize

                                                        2KB

                                                        MD5

                                                        49b692904d4c47fef374b71e21348927

                                                        SHA1

                                                        fc0ea95b69b61585cf79ae633c83f0666fefb861

                                                        SHA256

                                                        d705fbdc3c679171dce5b083b5cbe06ad0ecccbeafaccd33ab0aa51ec8792ddb

                                                        SHA512

                                                        cff84bc7522e1da34467ff6612c9b7ff26020136d46a2e66b96d1e10f5674dcb331a9c7a613c989b19753637f94a3b996a7bffedd99f4aaecee5c42886e7d278

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                        Filesize

                                                        2KB

                                                        MD5

                                                        46f6e6867447c15c8cff8d74e4eab0fe

                                                        SHA1

                                                        5c66cb180e40682ffd7e76c071996a44170cc6da

                                                        SHA256

                                                        c97c92f4d24ae7bf38ba139ecd9e456e34d2f54af9db8d6efdb26c5a0e6fe902

                                                        SHA512

                                                        1531f864e418902c1453fe2c56756dd47aa5e7ced1963e3a9e487a68e743df4287783000b35bd3aba3c65f591657352cb86ee4e90470b80e5eb2cafaac985d55

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        6KB

                                                        MD5

                                                        b800ac48bf6ed3eb2d05bed6f31b51bc

                                                        SHA1

                                                        964c2cb1a099ccb6641b8025ff0958e6d793f62e

                                                        SHA256

                                                        bfa69bcdac94967b078cffe95701e2c63800fffa3b7c99642eb90cec77d32368

                                                        SHA512

                                                        fbe3e37c1828ef9be6952b4c7acf7e0f6a062deeae916c53de71b2e3b0737272f8c394528004cd79d4ed842661ceace665ee8d1e161df5417fef3481a8b87e76

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        7KB

                                                        MD5

                                                        15aac5a30c0d73d1cab012221f39b2e7

                                                        SHA1

                                                        2480a5c82856a196a60e963b3e68e3b7006205ef

                                                        SHA256

                                                        b87281b8d97523afca4f8de14f67cb9255c4187617bf5ba9f1befc31dcdda5d4

                                                        SHA512

                                                        a5c0d445cf9f882568f8056d6ec870856e8af2eb32c165cbddf2c4e76cd58301a2b32f512f0e8d2d016eef18c9891c15f759dbdf412fa7bc8a78f3224737ff67

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        7KB

                                                        MD5

                                                        7b43da8a0a1b1c9e44abe83ae04e60a4

                                                        SHA1

                                                        eab3e3ef924b457ae2785c0fbc6b07f12101f028

                                                        SHA256

                                                        eeae182fc8dab53b5afc403763813739c07fd3758915ab382576e92c0c3d37d8

                                                        SHA512

                                                        2dab6af1ab2739e52ab093e3cdd98257ba6728c257afbe93e83b18b7720842edbf71dd4a06df0ad83ed6202cdb7cc2ad50a9578aa38844667dc12166ef3f67f6

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bed638b6-757b-4d7b-b6f5-e954df14a35d\index-dir\the-real-index

                                                        Filesize

                                                        2KB

                                                        MD5

                                                        91e8804b7d9bc089d4c9c1191e24ffac

                                                        SHA1

                                                        e28525993ed14a25a3430a52b83ae7b618e13cfb

                                                        SHA256

                                                        b3af3f584bcbeac2acff8765035f9e9809381068bb55cd289981e76c3fc56faa

                                                        SHA512

                                                        6ac2e9892505e533dbe1c6a59468ae0bd5e598fee5bb80acf87f344795e67332b205e62211bd6b048b76a0d141da06e3ae8a5796dbd1fb5a2be0a32cb4ab1006

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bed638b6-757b-4d7b-b6f5-e954df14a35d\index-dir\the-real-index~RFe58f8f1.TMP
  Filesize 48B
  MD5 30a044caadfc306a047a54c3e3823551
  SHA1 a5afaacecaf735207d4034e2ed49f2edd9da5fba
  SHA256 1a910536276d1f18da3f31e59ca13cc0d8efd3882bd7f371a520297a0d1d7ad2
  SHA512 c4aab05c7111b4066458ec711cd840180dc22657605e2ac57e93c479ced9bf667d19eb695c6f972eb7ec38878ba13a6626ff674027ec282e37674d3c3a2b959e

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize 89B
  MD5 0cdf9f5cd8afe39eba9a50e89d053447
  SHA1 1daad419b49040e0d3734d4a9a2e64cbf70abd7f
  SHA256 33bb120a27e6cde3632ddee24100b1c633f80beb9d802d20cd5de5ebb04c195b
  SHA512 dd33dd791fd0ffea306f386ea5c3673af429ea825d86457d78a5d0e6541478f1cd0425007f72d299f98aa57c42bc40695fb9e96ecdcf77953768931110014a99

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize 146B
  MD5 98ca56d959127bb2ffc73f99c3b6a767
  SHA1 928b89cce45911ce344db7286418482761aed70f
  SHA256 bfcaeebf703672e37b75ac0540255c49ee7fac10c4b2fef2869f3682063d7b15
  SHA512 53af8d9d78110e22a820edb9c4f1c4bc4a3e81f803f01c1d00fd47def348037d56fca0a497138c5a9db249e07c2c1d23d1f3ac00dafdb73473ceaca469041bed

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize 84B
  MD5 1c808298711b33b1adbd4e08aa8fcc32
  SHA1 b8cf1bc810ef4ab8cff97de71505662fda943bab
  SHA256 1f5893c1c8c0a50ed1e0e69dcb331c197cb88fb5577eb3ff806f3e40d45fe7fb
  SHA512 6b88a30a5a0ee491f0c696702a746101c572adf2375ddb32c124480919806b44155b701a4008114afcf91551c7cb3509eae53268b04b945cbbb1addcca2c5740

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize 82B
  MD5 34cff2adc0026f347fe78eda2cb9ba88
  SHA1 9ade755a4eb14cbeab8931fefa8ff73ad23e9574
  SHA256 863057deb52e5249123eee73d42381bd73666e591cb44b631853475d2ae08e1d
  SHA512 57560816c92a94cc848979a82ecf206853419c479f482a74e4cb403862d127e3c4076eaa1aab54d5ba77fb50ce59260a3bd0e2b100059eee6381255e9bdc7269

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
  Filesize 16B
  MD5 46295cac801e5d4857d09837238a6394
  SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize 72B
  MD5 7fe9177b7fc77d6262c1b96fda042c14
  SHA1 9cfa1dbe909e77c58709bc5046cb5e52fe543386
  SHA256 dcae465611a72ecd21487169fab272f1a3aef6371e19f975b64ab039b9dc62c1
  SHA512 4f63aaeb27a7c0df338d82539e99eecf69b1a0c4a434bf83caddb2df32740738beedb5de63f31436e2d671133130a80917e2e5010752281dad2d691a6a1a977c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ee05.TMP
  Filesize 48B
  MD5 4e2b0eaa5d20234d94f70ce976791748
  SHA1 50ee90d6c1fd66ea009601894661e234c1c79d94
  SHA256 61384472dcae922e3af371e1de6fd2d36422e697ae8e156586fff6aafc85f765
  SHA512 05669b5480ec62345b6838ff927aad5dc6b601d13e48a4c140ac2548f07b2230fc94dc6af6d2b69d00dc6d931c6f9a2ff7ad1af2d2ee8a812fcba55e58c1e2d0

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize 1KB
  MD5 aeb9bf351578fb67e7ddfba5cc20e5fb
  SHA1 8616bd28299345bc4e5593f0006fe4f376f930bf
  SHA256 a35818488b0308a508d056fc5fa067f98eef3bcd31527b700b67eef49992c4c8
  SHA512 b4c32fdf90720e85080dd2968e21504e3f4dc39407bf0b69a38e78156c17d9834698ed61ff77a7d68d611c351e1eb364edce2228560feb955fe8ef3597295ce2

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dd2c.TMP
  Filesize 869B
  MD5 b6207249aeff203abdd820dba4c3f7c2
  SHA1 ebc4a1a9f4cc2dda5e6f3d3a45705b627329006d
  SHA256 a2551980a71e858bc898e8ca48fe86d847cd588302a34dc518448df2da561567
  SHA512 a5d51db040f8c4acad42f536c3a5114a914ec9d4b9260457e6dcc83da4397ad319562878e9788be506ecb55ed25d0880c04197ddeb33c1fd8d0a15de3e8f92a0

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize 16B
  MD5 6752a1d65b201c13b62ea44016eb221f
  SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize 11KB
  MD5 1a6634308bbd28fa1bec056d74812c06
  SHA1 cd2140dbad9d1bec66060e9ac786105c29509c53
  SHA256 ddc49fb5b35f4d9bbdbfab336217378f2ff2490d6b7d5991c843cde9e09f4cad
  SHA512 c6b863a7313c1ec32e2b6baba244fc0d3f938d923ee7a2e669952ba0b6e3a39c454068a40c0dd8ccf99b7220cebb0016caabd52e1240671f5cedd85ec5b2e163

• \??\pipe\LOCAL\crashpad_3992_NTJTXQZCKXPPPXXW
  (no Filesize reported; all four digests below are those of zero-length input, so nothing was captured from this named pipe and these values are not usable as indicators)
  MD5 d41d8cd98f00b204e9800998ecf8427e
  SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

• memory/3036-0-0x00007FF65B9A0000-0x00007FF65C9A0000-memory.dmp
  Filesize 16.0MB

• memory/3448-17-0x0000000000390000-0x00000000003D9000-memory.dmp
  Filesize 292KB

• memory/3448-16-0x0000000000840000-0x0000000000841000-memory.dmp
  Filesize 4KB

• memory/3448-15-0x0000000000840000-0x0000000000841000-memory.dmp
  Filesize 4KB

• memory/3448-14-0x0000000000840000-0x0000000000841000-memory.dmp
  Filesize 4KB

• memory/3448-13-0x0000000000840000-0x0000000000841000-memory.dmp
  Filesize 4KB

• memory/3448-12-0x0000000000390000-0x00000000003D9000-memory.dmp
  Filesize 292KB

• memory/3448-10-0x0000000000390000-0x00000000003D9000-memory.dmp
  Filesize 292KB

• memory/3448-8-0x0000000000390000-0x00000000003D9000-memory.dmp
  Filesize 292KB
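The listing above is the kind of text an analyst pastes straight into a triage script, and it mixes usable indicators (hashes of real dropped files) with entries that are not (digests of empty captures, repeated dumps of one memory region). The Python below is an added example, not code from the sandbox or from this report: it parses the report's label/value layout, rejects malformed digests, flags entries whose digests are those of zero-length input (the crashpad pipe above), cross-checks each memory dump's reported Filesize against the address range encoded in its file name, and collapses repeated dumps of the same range. The sample text is a constructed excerpt copied from the listing; every function and constant name is this example's own.

```python
"""Triage helper for a sandbox 'dropped files / memory dumps' listing (added example, not report code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero-length input: an entry carrying these captured no content at all.
EMPTY_DIGESTS = {
    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
    "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "SHA512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
              "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}
MEMDUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)(B|KB|MB|GB)$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

@dataclass
class Artifact:
    path: str
    fields: Dict[str, str] = field(default_factory=dict)  # Filesize plus any of MD5/SHA1/SHA256/SHA512

def parse_report(text: str) -> List[Artifact]:
    """A '•' line opens an entry; each label (Filesize, MD5, ...) is followed by its
    value on the next non-blank line (the report's layout) or on the same line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries: List[Artifact] = []
    cur: Optional[Artifact] = None
    i = 0
    while i < len(lines):
        label, _, rest = lines[i].partition(" ")
        if lines[i].startswith("•"):
            cur = Artifact(path=lines[i][1:].strip())
            entries.append(cur)
            i += 1
        elif cur is None or label not in ("Filesize", *HASH_LENGTHS):
            i += 1
        else:
            value = rest.strip() or (lines[i + 1] if i + 1 < len(lines) else "")
            i += 1 if rest.strip() else 2
            cur.fields[label] = value if label == "Filesize" else value.lower()
    return entries

def check(a: Artifact) -> List[str]:
    """Validate hash shapes, flag empty-content captures, and cross-check a memory
    dump's reported Filesize against the address range encoded in its name."""
    issues: List[str] = []
    hashes = {k: v for k, v in a.fields.items() if k in HASH_LENGTHS}
    for algo, h in hashes.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[algo], h):
            issues.append(f"{algo} malformed")
    if hashes and all(h == EMPTY_DIGESTS[algo] for algo, h in hashes.items()):
        issues.append("zero-length content (no usable IOC)")
    m = MEMDUMP_RE.match(a.path)
    if m:
        span = int(m.group(4), 16) - int(m.group(3), 16)
        sz = SIZE_RE.match(a.fields.get("Filesize", ""))
        reported = float(sz.group(1)) * UNIT[sz.group(2)] if sz else None
        if reported is None:
            issues.append("memory dump without Filesize")
        elif abs(span - reported) > 0.05 * span:  # the report rounds sizes to KB/MB
            issues.append(f"Filesize {a.fields['Filesize']} disagrees with range ({span} bytes)")
    return issues

def distinct_regions(entries: List[Artifact]) -> Dict[int, List[tuple]]:
    """Collapse repeated dumps of the same range into one (start, end) per PID."""
    out: Dict[int, set] = {}
    for a in entries:
        m = MEMDUMP_RE.match(a.path)
        if m:
            out.setdefault(int(m.group(1)), set()).add((int(m.group(3), 16), int(m.group(4), 16)))
    return {pid: sorted(r) for pid, r in out.items()}

# Constructed excerpt in the report's own layout; values are copied from the listing above.
SAMPLE = r"""
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
  Filesize
  16B
  SHA256
  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
• \??\pipe\LOCAL\crashpad_3992_NTJTXQZCKXPPPXXW
  MD5
  d41d8cd98f00b204e9800998ecf8427e
  SHA1
  da39a3ee5e6b4b0d3255bfef95601890afd80709
• memory/3036-0-0x00007FF65B9A0000-0x00007FF65C9A0000-memory.dmp
  Filesize
  16.0MB
• memory/3448-17-0x0000000000390000-0x00000000003D9000-memory.dmp
  Filesize
  292KB
• memory/3448-8-0x0000000000390000-0x00000000003D9000-memory.dmp
  Filesize
  292KB
"""

def triage(text: str = SAMPLE) -> Dict[str, List[str]]:
    """Map each artifact path to its issue list (an empty list means clean)."""
    return {a.path: check(a) for a in parse_report(text)}
```

Run against the sample, `triage()` returns an empty issue list for the Edge file and the three memory dumps (0x3D9000 - 0x390000 is exactly 292KB, and the 16.0MB region is exactly 0x1000000 bytes) and flags the crashpad pipe as zero-length content, while `distinct_regions()` shows that PID 3448's two listed dumps are one and the same 292KB region. Only entries that come back clean, and that are file paths rather than memory dumps, are worth promoting to hash-based indicators.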