lumma | 6b0bbd68dccfcbf2ba81793b581e0fbdd5bddc3bf15aa21567be5f0a204ed2d0

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MetaLab/MetaLab.exe
Size

5.4MB
MD5

8b0c98a6fcc3ed6a56d86a129c2b12f4
SHA1

1c8ffc12daf521c21c8cde172df5f7685e5b17d9
SHA256

b0e239df43f6033bc786f5ff49c30d126c19c2a151d207e147024d3cc5a0c098
SHA512

5ef9595c1bd4f6cbe6fc0b7039583a30457cf615a3c24d3f7e9e9ea65a57404da278f1ad8003e1e189443a4c72f1300a548f92af7417a270d097d8478af1a316
SSDEEP

6144:6hyjHjZ5AdTMM2Wyjb48JugzIucxyIDH/juuwHGuaGM6Ty+mg5JED6VNKtPeUToV:64jVqxmff9X6H/jZwmlGMS1cD6jIePvt

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://admissionfaccen.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3352 set thread context of 2172	3352	MetaLab.exe	84

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3036	2172	WerFault.exe	84

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MetaLab.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
680	msedge.exe
680	msedge.exe
548	identity_helper.exe
548	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3492	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3492	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 2172	3352	MetaLab.exe	84
PID 3352 wrote to memory of 2172	3352	MetaLab.exe	84
PID 3352 wrote to memory of 2172	3352	MetaLab.exe	84
PID 3352 wrote to memory of 2172	3352	MetaLab.exe	84
PID 3352 wrote to memory of 2172	3352	MetaLab.exe	84
PID 3352 wrote to memory of 2172	3352	MetaLab.exe	84
PID 3352 wrote to memory of 2172	3352	MetaLab.exe	84
PID 3352 wrote to memory of 2172	3352	MetaLab.exe	84
PID 3352 wrote to memory of 2172	3352	MetaLab.exe	84
PID 680 wrote to memory of 4164	680	msedge.exe	102
PID 680 wrote to memory of 4164	680	msedge.exe	102
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 4000	680	msedge.exe	103
PID 680 wrote to memory of 856	680	msedge.exe	104
PID 680 wrote to memory of 856	680	msedge.exe	104
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105
PID 680 wrote to memory of 1496	680	msedge.exe	105

C:\Users\Admin\AppData\Local\Temp\MetaLab\MetaLab.exe
"C:\Users\Admin\AppData\Local\Temp\MetaLab\MetaLab.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2172
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 584
    3⤵
    - Program crash
    PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2172 -ip 2172
1⤵
PID:1544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff954b346f8,0x7ff954b34708,0x7ff954b34718
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17207406466178009979,1308129528551139294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x154
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
232KB

MD5
d0d4767f42cb41cc5c20ab630bc113d4

SHA1
2f409f8d1cae157840644a854e3aac4d28d50f4d

SHA256
73e8f0664de55310906226260fb2081be330d5dfa9aea6d5029fb696beb0e3dd

SHA512
2ce1157b59423139c136012c52ea85971954e44b842910071ca225dc715d89e97e808769c777b6d032fde0a1dcc8786b84fc696b593f7a8ab604d3f6130bc6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
9a95465d3764f96b7999c7c0f30f87a6

SHA1
5d2f08cb28acc8716afc6406beec43120b5737df

SHA256
425485dac92e5a7f24fbe3c728977bb245cd9425ddfcfe51352eebbd8bd2c0fb

SHA512
e80de30197ce9460abac1f3831a85da660aa382afbebd41524b448dc0e092c0270e5758c6b5e67992d3129ac6e3bf55f5a01316c0515b241a4aa88044af59913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
47KB

MD5
02bac54636d00b4059602a7d04ee6d41

SHA1
181ea605fbf32bd2895a9170873b6356dc37748f

SHA256
28ba0b7e3fa6070799b7d8a5a166a1c05751948059604b835c7a9e53e5668fd6

SHA512
be83074f59ae14751cdca5ef08b5e4422754dd013a13f1071e4a58981d0accb17449f9764a0fc33577980b4f7ad67a8e6514162f761d91eafa5d17f22b27edfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
606KB

MD5
0006988b93617e3bfb10431ff5cba93b

SHA1
12b24f8a0858ec3c46d3e4004d798a45491c6fbf

SHA256
1d8d83e7614f06bf13a4a367a2772504afa0bc55a4edba6dcb86b20f9cb24373

SHA512
328f8d73261e8bee3962d31dee9a9d4341059f040a591c2170a4e8e2d72fb67fa2b6afa68efb16d923f11312d232a4d31c7b7da5632ca816be6429e1cc8d2009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
33KB

MD5
99d93d3ca03456ffbbbd0aafcc5a65bd

SHA1
3be6aa42e95f453cc52713a3777ac26e034fe84b

SHA256
bffce50998ac477e1e31c190baa7540c7008d781627d336c6748f608682e88f7

SHA512
abe42116c8aec376e78ec5c1db362f6716382174affb9dfda3a11252b09d5fbb61df1e528d9c83ea252c9aace74328f64f1eee2868a324b5941b60d36d00c8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
32KB

MD5
19cf558a8599f8e28a1c0893c2ed2964

SHA1
797d96a4f20a40870a1eeae74f19c86f65e91652

SHA256
534d397f9c0580f3229516033136b590789216fc3b1f66e3d72286ca78b35b4f

SHA512
7eaab2051e7435daf3eb32a2a4b4981977b22ba96f1bf263b1b3d9bf553235a3c1a5d77b4f3e6d6054f5e1e5d638d06ac18a889c70d6231ca9fda8d64293570d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
03a62e9311563f68667fdd0a904f4088

SHA1
5d21eeb1f26cfc59a0518e7c3962c5637d4ffd3b

SHA256
74aeb42f2a27c374995ce8b9835d1f9d290f9207fe8372ebee283de56d06e679

SHA512
837255a288dbade9b1859563cbad7da9f102821ead1d8a0e83dd672d61d6e4bad8a415fedc01ff897ead1a2219b7d909aed35a94df5dd32ed7b8ebf6171c52de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2f06aa1f1d5975beda3b278ce1e47c99

SHA1
38e032c8803cf5bcd6413d6afaa457dd598511f8

SHA256
de6e996ec4d3fe3f223fa7da297a322ee439f1c8b607a3c3f90e1c02c96b07da

SHA512
4b819853ae9a78901063aac640a02fa3d0e1d69d5480739aef9026e5e5d9829407e9529c8a3edba91ed2b09fcb083e25824e49008672d236e207520428334fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4be8bf867eecbed6a44e531d909d03ba

SHA1
736acc372a55359e7845c664d6527da193492b9b

SHA256
241860bf73ee3c1cc8ac98cd1ab915ce4f1da7442183103933900725609b72ab

SHA512
634418a5f6525af318ec74e4c0ae9e8c8ef0e38c1dffdf19ee5bfe5e7e608eb0344c3f15b580a35b6e780d3573fed1047f256b103abd99d2413b2a7b9ed8d984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8501ecb1d1f6b29b13815d0add56c9b5

SHA1
d50867648efe6f10c379c5613e40f2b3ec35c992

SHA256
26a1eb349e9947c31602aed53aecbd2ff0f24f7990923a385d85ec643a673450

SHA512
40e71742ae72d655efb99e9ce20900cc01720bede1e469f429fb019c8937600333e31d724bc4a805249ee35603b49e8d9c4315e0e4cefc5bb118c82f734c7937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
433a7530bcbacf869fc5208e33f3c92e

SHA1
ba901f315ac148aabb18b30568e910d3be3ffd14

SHA256
175abf7738da04b6db6b08022c6bd68b01c8ea9314ee3486a8f589b286d9ae9a

SHA512
76530de59662bc43cfce44e7327dc229d51ea61acfd967f77e4523860de8d60ae5f976eca6d8d70fc9061b782d19d0db713d7b7cc244330f6dd999fe508f225b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41ab25e5-84b6-4921-b4b8-494b0dce5512\index-dir\the-real-index

Filesize
2KB

MD5
2f3204379bfbd9087cdab194d8997e6b

SHA1
7e16fb8b20a79df1c17d1beb6e0669d0bd446312

SHA256
f7f41062a82e4250da0ae1207191d5c29cdbdd4166928568cc04193ecd1aa10e

SHA512
a26251e87f4d173b6069b118b8c8d96fd8e7821f18b5f45b61af1c962cebf20e7e3c405f451b66c5cf9050d2ee1e0050e92842a2685bcf5c08ceb86aec72dabb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41ab25e5-84b6-4921-b4b8-494b0dce5512\index-dir\the-real-index

Filesize
2KB

MD5
40cab653e1c0f0fa6c6f4d99946d78ec

SHA1
8263f7495cdbf77b9e0ea0180b219ec3b62d07b1

SHA256
c5552682c12d1fbd580b5e617d5cc71039864cf53b770570fe97ce5cd484284c

SHA512
804d5fc734a631648bc0c120006be8a95e2a159a805d1a743c78750959e47619b430971d3261b15fbb1adfcd48ca2dded83523665cdb699e905de258fd1252d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41ab25e5-84b6-4921-b4b8-494b0dce5512\index-dir\the-real-index~RFe58d79e.TMP

Filesize
48B

MD5
a4f09710a45409171a3f2d6546ff23b4

SHA1
0be9e4f380391de6f64e649ac2275eb92f45708a

SHA256
46e9306203736d9806548cc2a0470d16d1e75beac4847cbb2ec4e2c5acda531e

SHA512
bd4b822f69283d62b9180de39a0e6a62af298b571d87d9cb008d1d1cc149bf7ae1f05b25a0166095e88af2fe3403c75a912d086be8ca75f3e242fa632aa74e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6ef94d48-b897-4c80-8b35-b780a5a20b7d\6a2f430b03ff0451_0

Filesize
2KB

MD5
242d42601a530e1ae3d8718c894fa2dd

SHA1
7dd7ee73894acd1cf6f70bf48ebd359119d42cf9

SHA256
84c5e2204d3a87937e3247e351a495d2b4e62477e7907464b2c53424a259f3fc

SHA512
ad3b0ef475d021ae1d2d14a5a06990caa410e747d96fae62c38139d8b8ea86cede948d1e9e8d763a56511026461c979909750d5c813798fdc2e7fa2fca43fda6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6ef94d48-b897-4c80-8b35-b780a5a20b7d\index-dir\the-real-index

Filesize
624B

MD5
d4e49f690ca9dfd87abf21dab683dda6

SHA1
a1aa0e9c9502e273ec4a0205cad5166d0658b85c

SHA256
e90d4d073c78ba45ec4f042250250baac7b2ed5150ffbc11dabd0a440ff74683

SHA512
add29b039abe4481fd5e4ecb24cdbffd48d35d7c1be2c3b7e40470a367a31e73e233fc195c0884fd9a918f6f5679f86473e1fee97ff50cf6adc9c4b70bed63b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6ef94d48-b897-4c80-8b35-b780a5a20b7d\index-dir\the-real-index~RFe593157.TMP

Filesize
48B

MD5
d1e338066b58a1272ac10c3a1ccf32e0

SHA1
7b7dcfb1f2ac2d52167f2d8eb4654a3977daf1b8

SHA256
ee5856325aa3c3cab032887ad0cb4edbd2a5735a6a12d19492f185b7f7dbfec2

SHA512
724abb5e9c41317f425176a06ec5e0ca4c2d064a1c3ca6ec01dc88845c6bfdfe0cf1f804e7b5d6600a1c08df38208be5acc0d3ee51b97f45f34b85e32f51ea9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e24817d6-ae34-4b84-9fdc-a243d9252a30\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
34b91acefea62cb2f5ee96a6dda2f54c

SHA1
1037ce382078de1dd3b311c9715dd19286a3fae6

SHA256
ef8435bda62bb86fdd8cde814a3b502f85ec2b84fb4f78e17f1a6f17cb549bf8

SHA512
20cd8742a0b8406bb6890f069d26c3446b82e73498a2a43e85d04cd9d6699c24685606cd27cc56c8403cc70724c2963ea4cd5787dc88de42a56d48f540279f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
8d581a5960086013c4535351c4f2ef0d

SHA1
b8cb381b9980da035e64fdefbba4128605bd9aad

SHA256
517226a44c5cd243987e8929e02d82804c793989e6d41cd80835af370882ea0e

SHA512
d182c513e33205cdca6ac2c17300ff391c6853981d2cb7a1fc1bb3b199f25ab6596c9e14cf646b2374b3fe67f81538af2029e7bef36ca5f9deb7d512622ef890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ccce51a7a5eecc78f20f09e451f586e5

SHA1
3be63b7f4fe04de9e934bdf8764d80ab479e0f7e

SHA256
96083824b5a8de7185ae0a0c10fca165cec99eab613c113923bba4271e77376c

SHA512
edd6d3eec5fbd92044e115940bafb92b478b4fe11b7fea1e5a53a48df2a0887f02234c8d4be0e1042d9db4f5d568b1f37adb983690eade3ddbefc988513f37b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
98285e4f13edc0cedad9a4b395c73629

SHA1
4cb072a2d1d883ca72949a280718c3bd59de6893

SHA256
75df476d891b732fe74ecd764287d1408368a2eec4a34efac10c88ecacfdd7f2

SHA512
c7ef75ca06bd2d7f028519c72a6d4d22cb7dc5ddaa353f0642b8175ebd54bcb8946b1db683b22b9f0f548f26f433fb3413e51164de1b170bc480ab798592151a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f631d2a1aa096f9844481507ccdfc360

SHA1
2c9cfce5d487be603c3192346e66249daec28070

SHA256
3406dae643ac2c22a7a29a61ebc4979337bc4da604ae1168933223465fc3c2d4

SHA512
d3ddc6a4e9bf5653991a502a0511df59be237ab9dd89d887de6f6529a31c61086913e155d625924572c215e467c6553c2b91c4fb926c26619861858df764fbd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
7b415effb491425dada8d2830f9c2a0a

SHA1
1d071a584cf3c5f624b24e6bf6d4e8817d7e4be3

SHA256
97525f6141addeaca9e955fdc0ee710a18039852f20ca5be14a7be08eba23694

SHA512
c62cb6375cf50e22cef366b9bbf7c3e0fb4ffb7174e0ce6170d6ede874048704b605de2745554937e966beddbead686ff301257c41ad74c23a205f083c368d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
b9a0ef79a6fe89c10f0f9c98afa9f4ff

SHA1
2d8335355d5e5cccd5abd9c081f6809c6a959e61

SHA256
e63875aa7e1f49efcc23e121052cc788f4362bc67c0e1a26d2800a6d9a5b720b

SHA512
84cbf0af10ae887c02467b2c6688db34b3efbe68ff303494cc91fc9afa9f2b8b917eb942526020d43721ba44bab5513fe6002ea98fc723d5743de93d0168e3e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e6d496005182dfca02bd083ae541eb12

SHA1
f40acd599ef4e0a4bfff7bbd15a9a1b13c042d48

SHA256
84f165e1f1f96dc561ab2b246ebeac78041f8f31d60a9323a5dbca2d73634638

SHA512
f6ed0ba34086fed3087597f4bd15d8d9050bf3c762d5c6fb5c2f5a0800400017ec752f94a5c5ddba744f77d7f0e047701991a72eff2609d968ec712944c37ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe592b2d.TMP

Filesize
48B

MD5
f2b099da8b9760af248a98f32f5e22b4

SHA1
a388b98adbf89fc13045a96cc54bea4517ee61ec

SHA256
9f5f15531803e06a684a035761f6a4e183d56ead5436603b1e42cfeb746121c4

SHA512
719c7cc01a0bf383977e9143bebe371a7a40ca5fb49ac1222f226a42f2c7fbccf1be72651bdf9baeeeb4c88e2f3002809e633404b5786f01a87e257ed6ff92e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
54d4ef6dee275ccfb04fb44330f91963

SHA1
0559efe285d1fce47a312647fafd3871584470e8

SHA256
f120573382427ab62ad01d947d33da896d1d207d8d02e6563fe8420f0a9b7e2b

SHA512
1e6f7a64ecaf4e297809fcfaef88447831763772aa7220a19277b15aceb0be2ab1bdc59f858c2a9196e879c6016bbd56d43a504e7587d5a58efb8d819f3f4fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fe31.TMP

Filesize
706B

MD5
360640e89d4f7c7ea8b225f934fd47c7

SHA1
4d10e8aad82bd27f0128865d13db1bb6762a00cf

SHA256
25fc0ba5dd602bc591c7ef8e0e3e7aa4e961cc6076d97fc61dd9bc7d4e9f8bf8

SHA512
45519eb3e7c5029a3438202acf50aea8000321b577e76c8946b2819b13bac6f772c39e5d46bb673cf939235db01cbfd2a9b13e978e29cfe6e95551b17eacf4fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f163f78a-37a9-4c54-b6aa-c3c490c71565.tmp

Filesize
6KB

MD5
34748b512402f7c9209648d7f2028881

SHA1
14d07a3e6e6d3e6a4f2e6aaa04ecb91215e09e6f

SHA256
3cb77f00c648440ab4f43bf9e33d7c2dd9bbfb1763d981cf27fe8151bda9e7a4

SHA512
cc975175106c03aced3755bb640921eebde8955d6b12601a2eee64d2629ce06cf6e76151bbf1ebc8cc150df9743a1d32df125f0fa2b81ac3627c17a6f3ebc53c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2f0bf9dabfd50b18117febb15d737696

SHA1
13d6ab3231918a1ddc00d739c485fa36142e7eaf

SHA256
16a418e6498a895821099c6a8fab8b561fdd6b2b708574f3c2c27d18625b9257

SHA512
a13dd64bb6c8d310005782eede8a0dc518815299744f4b00d0a33d819e663e1eb79249be46dadaf8af33ac57fe522c74be371998af2211d5ee7ae243e8307da4

Download Submit
memory/2172-10-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2172-8-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2172-4-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/3352-6-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/3352-11-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/3352-0-0x00000000747EE000-0x00000000747EF000-memory.dmp

Filesize
4KB

Download
memory/3352-2-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/3352-1-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download