lumma | a0e68504a3071c3ac68c3488e163c948977fccb4b9a477658188ca2f9e668361

Analysis

max time kernel
127s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20241007-de
resource tags

arch:x64arch:x86image:win10v2004-20241007-delocale:de-deos:windows10-2004-x64systemwindows
submitted
31-12-2024 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[1.1.0]-Aрр-UNC-x64.zip
Size

24.6MB
MD5

14a8c2f7c0529f3cbee686b21004173b
SHA1

b95b447897b4be9b53c55220ad69cde184b3fa71
SHA256

a0e68504a3071c3ac68c3488e163c948977fccb4b9a477658188ca2f9e668361
SHA512

37fac6c8b9004385d98ce515f8d29fcc9615fdfe94408bee83f205fd68953231457fdc9e0f246bd343aba54599afe9bdb2b91d5351b6c2399aa8a61608940665
SSDEEP

786432:oQGJGrSgwP4FeSsW10/whM4BH4ksOQkW71BtN:oQS4nsRIht8Ohs7tN

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Extracted

Family

lumma

https://begguinnerz.biz/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
160	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewUpd [v1.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewUpd [v1.1.0].exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133801524671661703"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4360	chrome.exe
4360	chrome.exe
1868	msedge.exe
1868	msedge.exe
1056	msedge.exe
1056	msedge.exe
5524	msedge.exe
5524	msedge.exe
5668	msedge.exe
5668	msedge.exe
5472	identity_helper.exe
5472	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2300	7zFM.exe
700	NewUpd [v1.1.0].exe
4912	NewUpd [v1.1.0].exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
1056	msedge.exe
1056	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

description	pid	Process
Token: SeRestorePrivilege	2300	7zFM.exe
Token: 35	2300	7zFM.exe
Token: SeSecurityPrivilege	2300	7zFM.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2300	7zFM.exe
2300	7zFM.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
4360	chrome.exe
5668	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 4740	4360	chrome.exe	102
PID 4360 wrote to memory of 4740	4360	chrome.exe	102
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3892	4360	chrome.exe	103
PID 4360 wrote to memory of 3912	4360	chrome.exe	104
PID 4360 wrote to memory of 3912	4360	chrome.exe	104
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105
PID 4360 wrote to memory of 4436	4360	chrome.exe	105

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\[1.1.0]-Aрр-UNC-x64.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:704

C:\Users\Admin\Desktop\Release\NewUpd [v1.1.0].exe
"C:\Users\Admin\Desktop\Release\NewUpd [v1.1.0].exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:700

C:\Users\Admin\Desktop\Release\NewUpd [v1.1.0].exe
"C:\Users\Admin\Desktop\Release\NewUpd [v1.1.0].exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff7df8cc40,0x7fff7df8cc4c,0x7fff7df8cc58
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3864 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3204,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,8591771815106522265,11223484977046257881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:5912

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff7a3646f8,0x7fff7a364708,0x7fff7a364718
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12734597336219335380,2022098776388895730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,12734597336219335380,2022098776388895730,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,12734597336219335380,2022098776388895730,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12734597336219335380,2022098776388895730,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12734597336219335380,2022098776388895730,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7a3646f8,0x7fff7a364708,0x7fff7a364718
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13360820184228713749,15435011598913228292,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c41ff3c75a7645390c5434e3dd1d4b85

SHA1
16f7d3f2b96666bf2878e03276415bcafef438a6

SHA256
088c9264b3b169710689cc5e9e7c90c4b6d160d22ca14ff325b529fab962107a

SHA512
f2423247cc7701b9dd47a3c50dec107538d1bd4e8f9a01eb5cd9ebdf70a824ac7339b823536b7e9fbad900460b640ead2671484909d3e6a63ee12c76b3bb80e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c6643d226d9ad4d61f490816d477c16d

SHA1
4f3d91baf4d44350d6705927167b6d67632035ea

SHA256
d37ef4d2f873ab6169a700430c365b6e5750b52a32155b060b076ae88c3a5068

SHA512
938b71a79bf0b5748e72a5555d37737b5d3495133d31bc62664dd17736f44f48af62f58ab8c1b73086ae451d1fb89edf4d045e846d87ba7ae7d82d55169c052b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
09f9936ce4dccbf3bf873111be75a93f

SHA1
4f0a5290284464eb275e43f55b19319dcd98811e

SHA256
3a960402e6c4c25c11f5fa935409d53ef6b74424d69885c97de7ac8f3640b72a

SHA512
f5fde8a157d294e4a70b31fa101ebaf93024a264198f0e39ccf734bc4b14b4feab8afaaf201c312aceab134febdb4e4ac7f4733fa15ab8ccca5e19bfef191232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
194e341cb8a3d49b692ed6ad3c129e9d

SHA1
31533f4ce19d3282fad94c9817a15058f593e360

SHA256
4bc0f714510242a2def1a5f4ed8f5c01fc29848a292a3c5e9bf91f92b4560a29

SHA512
0c55df613671c11b433d78dbec00809acd11010b5ebd18bb47c08a8066cec020f29ca20e8621988db9bd67aa36d13681b1f561a71dff7ea83e5dca00db1aaf9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0104c13f84f1db9f3940e4b34c02124

SHA1
f2e480fab94124a303a604da587e5dbf0f59a52f

SHA256
4be1e5440e5341d76bd3e895ef3391ef4af8a4db74d9b4d284b3407b48f569ce

SHA512
5fecd438c86e498cfc7a214ff5a4e3f4781a7094be91ddcc8ca0eb53645a4a4b048d1fe2e3856669dae2ae7763a0f01dc676e1c6202325236ceef5e6647101df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3c07204cafec9636753c9580963a72d

SHA1
7ce3ef4d19e31c2dc88fb1ff3ca20a001c989ba3

SHA256
70fb21663c5e5ce2b5d4af90dfb9a8d0ca60086c394ed55abeaf93a2df0f81de

SHA512
af1e3bd9fe08d73960bbe8ed60e1962a4ae86cdd180e3acda301233cfc86293afb05e48490ba0f4aed6d15e7191420d5a9096be25eb5d346649173fd3d6a8e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b48a6d52f1eaab5a0ebbefb57d2a6127

SHA1
eedf299874efb9ebc48e2c772a79ee84e4c735f9

SHA256
6bc66ae2f2181923d14d6ace41a0c7e07a8018ed79f0ac6e2aca47b1e9196dc8

SHA512
1e1456e7fe1ccbf57975d1a78350d580927be4041923f838b2bb620e67ad79dc0ba239e43903d01279c8077233d704d224e13b553d6afc938de69aa2a79df137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
794f864f76f23cb79dec9cf417f11632

SHA1
b5c2a6d491739ff497ac3ca36f83a1dd123c82ca

SHA256
eef6acdf568777350c51df380ca0d4be86ac949c9927c6285a499b382200dd78

SHA512
22acb5773010d06e74ed8e703cc6b05d639ed1b078822d2e110cf61a7c8b0a64b60dc6cd1ea411fcaab6db272723098a5dc162d2c6acc597a0401655c931f737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f8cbf81ce45df883e52021030b0cdf49

SHA1
448279378c92125c22b81919d4d8eaf6d931c0c0

SHA256
4779467d0f3b8fc23b14c00288e36cf2304bd288dbebd21cffba19029080a5b8

SHA512
d8bc8873189caef9917ab3bcfa04af8d9fecd1015755886ce17736eaeb21469b39aed7e283af7f2da3bfadd8f24fac611882a93e70810e05d481a38b33443fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d7cbd0b8a90d4b690aa892ad01dd3ee

SHA1
de2cef3a878fa892ddbaa2df84f8aec2cdff8fdf

SHA256
87fc7ca0067b8538ef7430673298e6acd874c6b24d4a5c62f6bc6ebb96e1789f

SHA512
18c53879e39f32f371313b6b99ea2e720c072974105940bae56e5a3c62557ce9a23fccfdf930dd3169f6b292b68b1c98488def111313407d289ddae9598d5ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
a7654bc3bdc14d5975d61c930a7d87ee

SHA1
feed3bb08a21cf34089f70ed0936f19e8ef19309

SHA256
f179e2bef762331a6a4d5c38aa173b4620102ed0d3fcdb20620889c38d8292ed

SHA512
3dc916f0d47fa844e296b705c10863247faf4373068dd5ce238e115c025c7845e47612e097ce8321397d5203686aac3c361ba2b1ca809c9052c741cfdb0b753c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d206cb2c216b4e55b5ad693bec21844d

SHA1
6c53ce987d9b7dc068bcfa8cdede124081a04510

SHA256
872a10eed148e8a06586e03b7b702c6b0c57f883fd38561c9677c5f3444ec339

SHA512
e96b157fc40677e95e859a013d3592cd90b93cb1df21cd7e7ff73424eec73454cccd12ee0a4c3bf03bf2fbef3979bc742556769dba213b626ddc121a7f3576a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ab790631f97a7e0784931b966b4564be

SHA1
7b72df6241069a7c26030262152dd9f12c0d94be

SHA256
ef72af1dbdb51a8c8811c3f38781bd42e6d31d8e9fb0da2c1d33664dfb88aa30

SHA512
f30d55861f27e9b4a407d67a2ae70aa4d36b7eab954573c9f85e214a7b474f33d1994baec765426a9c3b05f633c4b5b57f8b16192c2391fde66e525a43d91948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
a1881430c5cb7d127af5b8f8e95831b0

SHA1
3129fe8db393fa486fab60605e2919771115f0d9

SHA256
ceee66ff1a72c3931dbf6d0087242b4c0ea2393c89f9b7021086b04aa8d756b4

SHA512
4bf08aae5f1397b9158b72219e2c9490db676f62b6d7d51e06484d6f913e0db75cdf610dbe0da61a350d549150b126bda3be1dfae94fa630eb41b97678289f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
e06e46da75de6c7edd19e4ebcab1b4af

SHA1
6d10b82588408e2e41ffe56b5ed081371724467f

SHA256
4c0237d60ae772ec563005e08aaece299ae95d90798061cc2cd1530ee671fc32

SHA512
13a7f26d5b3c8844d6e0c34ab71705aebed96e1fa820919c035729cb80470c50e12d13fd430cb8cb7420415da2f3e46556569f3fff668599cd680041d6e89790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38653dc955617d680c93b691b038e2f1

SHA1
a9c2facc3017c3b180c7a8c1ba503f842faf0de9

SHA256
daa6dd6aaaa3d1380af7f0ec51d0c124799f0a0abb3eaef5c420e7e10ff08a36

SHA512
f3b231f800997bd2c0c0081a4ac6be6c3c772910020ddd069cc9a5c5e989c81306e537a4e3fc64f2ec15d410959a95648e52ee4ef18d3f7f063bcfdb5bbaf1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c08d24049444b3dac111b63c1f396974

SHA1
b6fa1e8c5ff7fbb5327dcd83d5d009476ae781db

SHA256
5dab0d6f675135585dd844b0067b79013363061a5bcf9f239db84b159b436cb5

SHA512
e212dccf7ac9ad2af0dba84b7f13f8ffbfefebebf264b79b2bd957fe79a877efb46c4610c11031e9ff447b4f5ed447d14ae686e1dc204b2110fabf5100597ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93e65dda037d9b88c896f76bd227a912

SHA1
b2a7e5cb8121bcead2d96dbb92eb1e0fead833d2

SHA256
95b17cf18de2a365bf0dc26883dfcd653ce25214703611887b591e590a979ff0

SHA512
80ebde57ae6d353de9cfafee3c7b3f8b829a5f21d834c2b8684300947f78dae7a61ccab374492dc79a6ba3796a6a1e91eb28b932d3a2cb4940a4f0b61004be70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e5160bc1a227dddf00e34ea682b644b

SHA1
343fa117dafee45a86dce979d25f930e64aab1b5

SHA256
215ad130f30be88978a8d67d895396d1a039dcedc7ee3004040b5970386947a9

SHA512
b87882f62217fbbea66a4178a01f09ea3413146c129273882e0d7ee8dd7c03282ca7689d806cd7aedf12c9f455a4136524355bb59a45aa6249316eeaf9f1dffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a4b96d1fe317b497baf260446e488d7

SHA1
403a164a9f43413b0069486aeb522fc06a82882c

SHA256
55328e51efa112db3e1dd8a3b0764046454777c4ee859fdd5d0a77b4511b2de9

SHA512
e47997bebcbd5a54664da2be3f2146c6e434be13b4980598b3683b8afe6a36153aee193f7888ad75fc0bee72e5de7916cddc980a5b53898fb76ddc088393a254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
09e270f9f0db3de28348ba4252fdaee0

SHA1
73ef1232124fdda0683ed2c1b9de8aac6e8cdd5b

SHA256
ce19185f0c8e4bb3e47be80d36bb96e3f185c30a6b4e0c09ed989ea63c2f2ae7

SHA512
f053842684886dd0fdc8a40f6a54a866dc108e6d5bfafaac284999f994a11be49dba8a89e91eec603671df98dca066faeaf15fd1a5b46c1758dcf9e27855939c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13380152466661986

Filesize
427B

MD5
f79fc9e850800c5fdc326c0c8969524a

SHA1
548dfd401d7bfc69d43338c0ec06738ed60c826f

SHA256
082b471445139763afdc2fc20eda038b0e4e1df3d9efd06f3f6aa7ea52c964a7

SHA512
53668bac28b3ac86ba8fa41f7a5268049a960f2db440286e687fde34a83df698caf08b6949e2648a7162956a3120661914e68ae0822fb8a44c5253631e2c0c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13380152466724986

Filesize
937B

MD5
709567fd794c4ec4674de9531fc971fa

SHA1
1d6e761faeaebf901f7dc073bb111910b6bfe829

SHA256
89f1513e395d470db8ad7f64fc10ac57c9ee373c9b84350654280d84852dbedd

SHA512
745b8400fa54d0bf640d108d7fba0517519a50214d42a8ad31195b362ffa237ecd2dd4f885d152c79e5b0cdc427096df7b5bd974ffec8c945e1d8a08f6e0430e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
54e5fff2ece6ce0596f65d76bca25dc9

SHA1
924e7c6bfcedfd67bc71a50926ec7520c178f245

SHA256
6818719eac407ffa66365818c1c1f946dbc018e13a1524da23358f634b6af9db

SHA512
5c9f3679908c8417079e94dfffab5c669282c2ea90c308dd1ba64ffadaf4dc6e94f9fc8efdbd95383b3ef66503054743ed725fa9c9ef04be1b64640a293725b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
aae6f415b017f23cabc390c2a1172dc7

SHA1
eac16d1de13522b7e7210554c33574842378f820

SHA256
4f099af8994e0dad331d03bc7ea0b4980e78554c9211becf4e68f7ff691cf2c1

SHA512
c14e19d2169c8c6b642810f7a9759994168711c0defcd4ae8db384ca14f095c8c8c2ab8d3a7acf7e471b8497e87837b414f5f2b7d9a45076ea83f086303233a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6d58b96fb92ae9a970dceb4344d8532

SHA1
7e40500fcf9514809d6196f685c403852c5a00ce

SHA256
f68a3286d18d91379f890f575bd620a9b986df1a4e8b7a81b85def19b7d2de57

SHA512
28b95826156fcd10f922ba258756861a9289a9d3ecf1a71bf20bd1445e4e5c4e1c33c111979d76a14a0077a440e79632a6b16ea64d62aa7bb8667bba47fd7bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59189f.TMP

Filesize
1KB

MD5
26d9bec7a3b899d6e952a87122d6f3b0

SHA1
aeb59e328e04a0160b2b36fe1ed389590f0a799a

SHA256
273b27532377d0597fd4f17e4bdf874df878699ff266072090ed3d4d013de466

SHA512
e9da630b1513d6fd085e4b97edb4eb888cbedfd74b44b49c07fa3d5cbbea1284f20d5546ed19696f7e39e10479edac6081311e5c89c6f380c572bb282a81f0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
eef2d14f1fe17481e42255de224800ba

SHA1
fb4ec4f53d6a78bedf0feb070590748938758153

SHA256
bed4890deddc570cfbc2445e56b039ce31380b9daaa4810381078870d9c9d413

SHA512
5e719e9a9ed32aff1013ab470a65568cc40f98fe71c8555345fc7d3ca19f3892eff616fbd670e7e4e3ab4d6a2d6633ab23b7d1d2324aeede39119cdb87d37c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
056a477f63f8ca9ea66fb526720109cc

SHA1
a32f7319b9560e7250c7536dfb8c36ad10a41352

SHA256
ac01c299798f75e27a2ed1250a26c5a7edee7705d9ae95b5ff4a0a0dbaa2fe65

SHA512
e6124a5049b7481e16aba7e5c7fc85b811873d46389eea35f3bd64da67220135692b4580602e83d8b227a218dc1171952206da373ed6b919c1f48bce0a78cf56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
15e274b02d5bbfaaa604451bc20f0488

SHA1
a33ef37843f3edd888bc6a3c267bf39dd6970bd1

SHA256
da326a17a5e5a151d29c597e2fedebdd34db4ca2a9fc68b8bd306ced67384f94

SHA512
c8fc65a78a80386c30ab3b0221bf533d5d42f0d682ee8b09ec8d7dd110aa3f663ea079b59476026f94b6f29130fa86a9183a8507a40302f65db68214d7b21426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8dfd5352cb9ad14fdeca8fd47a5686da

SHA1
b6a830f59b7a21914eb7dbfd9c481414ab90fdda

SHA256
7a4433fb90b6cf30525b54191f8d753053832ac14dd906ca9f84309eed9bb3ec

SHA512
c73759f4b0e1e6a0c347d8ecbf67154b5bcde22c3f6c8f79b1bd70e00ed74cc561a0efd7209d24e5233b746a5e28e9d4a88d6242b8c013020ba413ce0947835d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1aceba6adbc12d76ddaceae5780b6025

SHA1
4dec27df60524e43e174fcf1d6c55a22632c9f80

SHA256
61a831f1b820ef6b7e82a214a58aba708c7903d2523f14e0cafab2a56ab678c9

SHA512
4e4055151f8cc5a2b7390b5bbd1408f38a1ea91c28aadb8bdc4bf72ebf9adb7a712fd6d2a8807ccaaf59d0a2f964972d4908efc917b1d34c10540613e71cc152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
4459bf26eebf0293b75c624cdf1c6b23

SHA1
2a0cf63d7d2a2a729b1b84e221955a5ab46f2e47

SHA256
2ddd13a6fc974d25f11c33a905c39ba8b6d266f7c58a93a41e5ada5975c821c7

SHA512
f9246c653ea54d90833734d359ebba743e97a7978639a8c48f64f2b026affed9281e65a44d12af2224e0493df1e3ca3dfd8fd101bd4c5170471b5dd6dbaf8f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
fd6d3fc7e46f5b9e3b4c0da1b4efc7f9

SHA1
5d3966e0c005829aa33e4a313774e4c1f39bfe6d

SHA256
757e4dee5f585da1c9d2d25bab2ec0e57b0917c305918889c454361da526bd9f

SHA512
c25c84498c7fa573756bea49090a54c84d9a06fed06f9d2d32e38e1a065ec9460a24e4e2fb388886d799e1c7e07c750bf8c9b650228786cacfb021f11b9f9ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6877dcd9500e34dc06473630b94ccaa4

SHA1
86a2b15470ac9ccbe3982dd48475242b1d81c374

SHA256
6c397dca2f8faa7e9b720958231c7b5fb8c185b44b0648f2721087ffadff8c02

SHA512
19d7bfbcd05dd1b138a8c99a0ed548b7dd657d5e86f0af725dcd82b189dfc3aa029df3606ad11be0bc9af7f54a7c2e02fc83bb84f1b948242d67b2b5ae8229fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cbc9d59e5d88c68021b2884c0be59ce2

SHA1
2ca6256777f38892c68b9e594754249ba6f12563

SHA256
edfca5e7d42af6bbf4064ae0a51951dfbb4db0c77d5b875c5fe587293d8bf432

SHA512
b6e43ae829fec8af752286e311361ee9fc2ac799677da34c234c4a30c7a39825701e80bc514c77d805e373d4afe54763abfda1cff6e8cfbf0b00da537a8ae372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
fbee4fd2a367b6f19401077d667529ce

SHA1
a413b42cff5fa2ae0aab614fb195c22b1e92b67b

SHA256
a3d8b33849be0a56257e4edfcc234e69f56ca0d6d3f5ad1253f45c8a7ab2e4b1

SHA512
c5944469f37675e85447a364d7562c49c084bafd378566d81cc38469a073cb3a735aca1ff4206998fc37ae064744e2fdbb92bb4e646f8ecf626c48641ad594ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
22c0b9deb49361fb88524ebff00475fe

SHA1
220443ccad412b5b50d4df4644619bb70349d878

SHA256
89ef849cc941b2adc4274918d613e4d922588b2970e4dafef035bc1b124c29c2

SHA512
0ddc6cf4fb9f3d1705fbea213999b3d5c2e59e33bc05f77059c5243120f7717d901182354b836c5790cf11e731c3a65b9664816fe8a45641b9b0df6123b8834f

Download Submit
C:\Users\Admin\AppData\Local\Temp\5570fab5-f67b-4012-b263-2496d05ee0fd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\b898b38e-59de-4e0a-a053-2dc13e95e883.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4360_162340385\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/700-13-0x0000000002CA0000-0x0000000002D58000-memory.dmp

Filesize
736KB

Download
memory/700-14-0x0000000002CA0000-0x0000000002D58000-memory.dmp

Filesize
736KB

Download
memory/700-101-0x0000000002D60000-0x0000000002DB7000-memory.dmp

Filesize
348KB

Download
memory/700-102-0x0000000002D60000-0x0000000002DB7000-memory.dmp

Filesize
348KB

Download
memory/700-11-0x0000000000210000-0x00000000003F6000-memory.dmp

Filesize
1.9MB

Download
memory/700-100-0x0000000002D60000-0x0000000002DB7000-memory.dmp

Filesize
348KB

Download
memory/700-103-0x0000000002D60000-0x0000000002DB7000-memory.dmp

Filesize
348KB

Download
memory/700-105-0x0000000002CA0000-0x0000000002D58000-memory.dmp

Filesize
736KB

Download
memory/700-12-0x00000000029E0000-0x0000000002A99000-memory.dmp

Filesize
740KB

Download
memory/700-616-0x0000000000210000-0x00000000003F6000-memory.dmp

Filesize
1.9MB

Download
memory/700-104-0x0000000002D60000-0x0000000002DB7000-memory.dmp

Filesize
348KB

Download
memory/700-71-0x0000000000210000-0x00000000003F6000-memory.dmp

Filesize
1.9MB

Download
memory/4912-614-0x0000000000210000-0x00000000003F6000-memory.dmp

Filesize
1.9MB

Download
memory/4912-107-0x0000000003120000-0x0000000003177000-memory.dmp

Filesize
348KB

Download
memory/4912-106-0x0000000003120000-0x0000000003177000-memory.dmp

Filesize
348KB

Download
memory/4912-110-0x0000000003120000-0x0000000003177000-memory.dmp

Filesize
348KB

Download
memory/4912-37-0x0000000003060000-0x0000000003118000-memory.dmp

Filesize
736KB

Download
memory/4912-109-0x0000000003120000-0x0000000003177000-memory.dmp

Filesize
348KB

Download
memory/4912-111-0x0000000003060000-0x0000000003118000-memory.dmp

Filesize
736KB

Download
memory/4912-108-0x0000000003120000-0x0000000003177000-memory.dmp

Filesize
348KB

Download
memory/4912-21-0x0000000000210000-0x00000000003F6000-memory.dmp

Filesize
1.9MB

Download
memory/4912-79-0x0000000000210000-0x00000000003F6000-memory.dmp

Filesize
1.9MB

Download