Analysis Overview
Threat Level: Known bad
The file https://bazaar.abuse.ch/download/22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055/ was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Suspicious use of SetThreadContext
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-09 23:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-09 23:11
Reported
2024-07-09 23:17
Platform
win10v2004-20240709-en
Max time kernel
316s
Max time network
313s
Command Line
Signatures
Lumma Stealer
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 3948 set thread context of 684 | N/A | C:\Users\Admin\Downloads\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\!ŞetUp_64851--#PaSꞨKḙy#$$\Setup.exe | C:\Windows\SysWOW64\more.com |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\!ŞetUp_64851--#PaSꞨKḙy#$$\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bazaar.abuse.ch/download/22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb2f846f8,0x7fffb2f84708,0x7fffb2f84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3878929041492490022,15048341844229084388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6128 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\" -ad -an -ai#7zMap8001:190:7zEvent28783
C:\Users\Admin\Downloads\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\!ŞetUp_64851--#PaSꞨKḙy#$$\Setup.exe
"C:\Users\Admin\Downloads\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\!ŞetUp_64851--#PaSꞨKḙy#$$\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Users\Admin\Downloads\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\!ŞetUp_64851--#PaSꞨKḙy#$$\Setup.exe
"C:\Users\Admin\Downloads\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055\!ŞetUp_64851--#PaSꞨKḙy#$$\Setup.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.130.49:443 | bazaar.abuse.ch | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 49.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bittercoldzzdwu.shop | udp |
| US | 172.67.134.113:443 | bittercoldzzdwu.shop | tcp |
| US | 8.8.8.8:53 | bouncedgowp.shop | udp |
| US | 172.67.214.52:443 | bouncedgowp.shop | tcp |
| US | 8.8.8.8:53 | bannngwko.shop | udp |
| US | 104.21.81.196:443 | bannngwko.shop | tcp |
| US | 8.8.8.8:53 | 52.214.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.134.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bargainnykwo.shop | udp |
| US | 172.67.146.97:443 | bargainnykwo.shop | tcp |
| US | 8.8.8.8:53 | affecthorsedpo.shop | udp |
| US | 104.21.6.254:443 | affecthorsedpo.shop | tcp |
| US | 8.8.8.8:53 | radiationnopp.shop | udp |
| US | 104.21.68.158:443 | radiationnopp.shop | tcp |
| US | 8.8.8.8:53 | answerrsdo.shop | udp |
| US | 172.67.203.63:443 | answerrsdo.shop | tcp |
| US | 8.8.8.8:53 | 196.81.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | publicitttyps.shop | udp |
| US | 172.67.134.88:443 | publicitttyps.shop | tcp |
| US | 8.8.8.8:53 | benchillppwo.shop | udp |
| US | 172.67.160.230:443 | benchillppwo.shop | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 88.134.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.203.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | reinforcedirectorywd.shop | udp |
| US | 104.21.83.48:443 | reinforcedirectorywd.shop | tcp |
| US | 8.8.8.8:53 | 155.143.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.83.21.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 54aadd2d8ec66e446f1edb466b99ba8d |
| SHA1 | a94f02b035dc918d8d9a46e6886413f15be5bff0 |
| SHA256 | 1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e |
| SHA512 | 7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994 |
\??\pipe\LOCAL\crashpad_4912_PAIIVCCEVPMZRBSN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2f842025e22e522658c640cfc7edc529 |
| SHA1 | 4c2b24b02709acdd159f1b9bbeb396e52af27033 |
| SHA256 | 1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e |
| SHA512 | 6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d2756051db91ccb06debeba74a79dc5a |
| SHA1 | ca41f50e876fa3abc1deb1d3e3a48fb0747413a7 |
| SHA256 | f176da2edadc3280e20fa7dd473e5cfdacb65af8ddcdc988c34147b401153676 |
| SHA512 | dc1b0afc9819add84d8e09293914e19715105f6bb7f603f24c62d88fdf54cc222fa5478e5504674aedac44c821694940b9265e97c08bed9cbacd3cd3bf61ab99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2ecbe7bf5bdbe41771cf122073a64720 |
| SHA1 | 26e9061f28e13835011e68f10849f6a13ceaf3fe |
| SHA256 | e5e728fdf2750230dacb6defee2d96bcafed5712d6888c4f3f3763af51f0098c |
| SHA512 | 1fe420aa3c56b5adbc68a1e101a30fde1180d6edacbd336e5e2b8ee8a40e90ecd033b7755630eb8bb739305c3946e4e5bbcd13106c94a005f001cc95fc2aba03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 161ce220532a5e16ea57433fa9667834 |
| SHA1 | 7868bd61f14eb5462070e972ec403a31f5fd1e94 |
| SHA256 | a38eef85bba732db35670d73fe61991b2d128342747dd2641950fa234c368c04 |
| SHA512 | 4dc918fcc4b990d3c55aeea06820f0c1579a6165b1671f09a54523d1b353682f457e938f174ebd66cd521d852faa2d226b73415f33bfae85023b2ecec2bc74b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | deaae9d5a77bac9e929ba60dbdc4678a |
| SHA1 | bb44cdd9e4dd7d3ef7acb4a6da5793e6a45dee38 |
| SHA256 | 7e2149cb6836cfd693c36a8a345e70a8832686ba6a43a7827007b623f9e3ac05 |
| SHA512 | 9b9d1b6a8bbb0222d94af04eb0b142fe590c061f717ef2991c222125e20f61ca5a2ffe835ed4054212014d4e65983deabb66084adff57861a1c72eda092e5c7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 24a4df78729ba441b27323ea3fc63129 |
| SHA1 | 0fc32fcb0d7446462618b6f15a82125647997218 |
| SHA256 | 0fb860f85e2257b759a9bb76cc9c90a7725172a643a8af14468f03349fb81a0e |
| SHA512 | 44740ac0e275d55431e9ea568b4fa95b5d384e1b754b0b2e9f0b4c5789dc4b7bd79fa150cd8e022a687574c57ef519bb32db104dfc3df37ac28b12cc7b888d21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9d63283cdeb97414d445a9d6879aa375 |
| SHA1 | c7c51b7d43459b487cfaf20f1b083cad6d845f56 |
| SHA256 | f016eed3757ffb8e16b3166cae0f9ab6cc0ebad83a7c83653440986a84ea2d8f |
| SHA512 | 610c63ba1a2b5ac348920e237db99eaa7b029e3a224670171a55fc9f27714c31e5bc028cba0a702b5bbc84051801cc373031d23d22073f81b35a0c91a32eb630 |
C:\Users\Admin\Downloads\22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055.zip
| MD5 | deeedf1d72636db669de2416fdc2a8c0 |
| SHA1 | 50b0fb5857752475aa2aff13d338990ab13bd140 |
| SHA256 | 729af78bfe9c43cfac88fdb6a6244279923ca48605016a942d8f1ef8316ee220 |
| SHA512 | 3a18eae01eaea5885117f0f612186354eeb8d0e7f64d1c31e64a669326854e9d0fd0566c89fa5e4b227f5b8f89cd83371397cd3eeb15f3dcd49f89e103ff5893 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b60d9b6dc6cf6552ae801a7e5c83d70e |
| SHA1 | 8cb72a287162f1ec7d86c1e28e12ad3ae9561624 |
| SHA256 | 44c4416e922e95d4b79829dd94c72fdb0f4e2e93e4fc9480dea0e5167164012d |
| SHA512 | b0ec7b2a1893e8cd73085947f39343499116d2e22c897918a505a590a5959338cd6351a3efb6e7524db72849c273e54b2fe593d0a8dfd0081895ca4c23c0a71e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e3844f68ad4720b51c9af19f1f8d2296 |
| SHA1 | 45d84881a64e04457a6973188eed6683f6a24d35 |
| SHA256 | 233f99cd7cd4c0cf5308cd4ca127fa0264d56a3894b646d0a7b92ff300ee971f |
| SHA512 | ae127821a4de0e6be8bc52011529edfbda5220fdd96b58e7be2a3094ef9f7f7e2e16de8e66ed500d70b600803099ea74984092577623a133f1da5e2e9a9862e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598a16.TMP
| MD5 | c670f98482541567b7087b672a1fd2b2 |
| SHA1 | 12619e9f440a32ea199b5dc248546c8ca14396b1 |
| SHA256 | 8724fb2e215b41e120613fed5b9a0e640cc23530ee1d791692209234b956233a |
| SHA512 | df00b72083281a971e9ebe165d0384c7a508366d1bc60ece570075bc642c76851cd7c41d6f4c0784afd8086e9844fa41e9e4fe26373c6da49c09625d46b6f70e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 712d34a2b9951e84f9aa14ca52e7239b |
| SHA1 | 92dada7cc3e63c0eba1844fafcf66f7bd62367d6 |
| SHA256 | fe2f793e3b7add7c8d1458cae56ba58703fe6fa74c0314322530bb060c2b3639 |
| SHA512 | ff162c29a84a11ef5f54376e915a08527295a707e1e9552edc14732927a66addacfa300a79e08b74e1e824724d710618840557be49ec2eae2e95337f385fda1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 36e4cada9d4d8d9cad8b51397ca0b229 |
| SHA1 | 7230c6cd781007fef824c4fa5ed8a285a826f6b8 |
| SHA256 | 69f6d4b12915a8e269a30dc848e4a9cd20be7a232e36cbea1b23cba757885c2c |
| SHA512 | 22e269061007efb4d84dfd704aa4e3e6f5e640413dfbdb1c368ea595f928085006ce58c3c10a87c4c092d4a702d442fba686a19acf132a612bcc43441b2d648c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 638dcd699138d43d58bf6c50bef62ea1 |
| SHA1 | 424224f3059f1e610a76308cb973e7d492b9d98f |
| SHA256 | bd7031de9b7f8e119115726d076e82513aedf0095f1d5c9a95ca8fa5f5c3ad5e |
| SHA512 | c1e48689817ec76f2eea1bb939365b240ddc7d39f94628b8b73816954844046a7f409decf58d0246f8af08a571e7b1da9d11aea917643d6229d2f4c968ca04c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8f09e1af0ba5fe3915e78dfad7474fe |
| SHA1 | ad2d67a1e59560af22ed5f7f8b52fd11896e8fd1 |
| SHA256 | 3c288e14b75bbc3b53445700dc4c928fcabc244150ff7e7f420b01c683f3766f |
| SHA512 | 0b4e574b36a5276cbedcf741c15bf1757b327d1f9ee3a488b816d81dacbef20c03151ba474b5e894679148ff7bf34b4da0f3598277f5bcd3dd2b0da4d2352181 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 57644f6182cfa8e267e57843c317270e |
| SHA1 | 07cf5892260ee452a688b92fee81c80683965bff |
| SHA256 | d11ad74b571ae7e60911a9d726d838d67e92f0669e9578f2c1b86ba8515eade6 |
| SHA512 | 9011999a46e93a81d568477d7ff15b94f59005a07e1da335a73872b26cc5cfb2065afdf66d1828a150801f3240630b438109827d7f70e20c2113140b1500d180 |
memory/3948-362-0x0000000000920000-0x000000000097E000-memory.dmp
memory/3948-363-0x00007FFFC0EE0000-0x00007FFFC1352000-memory.dmp
memory/3948-367-0x00007FFFC0EE0000-0x00007FFFC1352000-memory.dmp
memory/3948-369-0x0000000000920000-0x000000000097E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\96627e0b
| MD5 | 3b4b5fdf978b4e09afbb76aadfcbbb75 |
| SHA1 | cac33cde9cb3f52b5e09ee251a71f9ad3b8a2aa7 |
| SHA256 | 5131318e757adc1f616384d46f5d4f7310f936ae2a9a8034a84ef90653ee74c8 |
| SHA512 | 7715b02abba5211524259f9f95cedd1421b1d46cfc3099971862e07bb037c0087ac78707bbd22920be335a87b367ae4d350635412db164187b9ab37c17a4c1cf |
memory/684-371-0x00007FFFC1B10000-0x00007FFFC1D05000-memory.dmp
memory/684-372-0x0000000076D20000-0x000000007715C000-memory.dmp
memory/2176-374-0x00007FFFC1B10000-0x00007FFFC1D05000-memory.dmp
memory/2176-375-0x0000000000980000-0x00000000009D3000-memory.dmp
memory/3756-376-0x00000000007D0000-0x000000000082E000-memory.dmp
memory/3756-377-0x00007FFFC0EE0000-0x00007FFFC1352000-memory.dmp
memory/3756-378-0x00000000007D0000-0x000000000082E000-memory.dmp
memory/2176-379-0x0000000000980000-0x00000000009D3000-memory.dmp