lumma | 6f0df40928071c599955dfa09d5f4596a823ad68b887c228a8e810287d856b66

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2025 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NewUpd [v1.1.0].exe
Size

1.9MB
MD5

11009591ca02b389f69e8c8e34f3f0c3
SHA1

de3e14d918d6aa164112c7339f85f67e60291616
SHA256

6f0df40928071c599955dfa09d5f4596a823ad68b887c228a8e810287d856b66
SHA512

1ea9ce27abdd7d8ee4aa139ede7e856b3e7404cb30259e2fdd09b2125bbc0aade93e25568ce426e82bcf45167982cdff51432ed20d8db7e8b8e9d1c03ae513aa
SSDEEP

24576:woWteRKeZUihWNS0fLw0E5+VulD0UnwTpkFWjuwbnFjx+Fyq1OeHwWOTMes8:IdzE0E5+MznUuwJF81EXwJ8

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Extracted

Family

lumma

https://begguinnerz.biz/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewUpd [v1.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewUpd [v1.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewUpd [v1.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewUpd [v1.1.0].exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
8	msedge.exe
8	msedge.exe
3644	identity_helper.exe
3644	identity_helper.exe
6024	msedge.exe
6024	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2024	NewUpd [v1.1.0].exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1280	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1280	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 3944	8	msedge.exe	101
PID 8 wrote to memory of 3944	8	msedge.exe	101
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 2392	8	msedge.exe	103
PID 8 wrote to memory of 1912	8	msedge.exe	104
PID 8 wrote to memory of 1912	8	msedge.exe	104
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105
PID 8 wrote to memory of 3068	8	msedge.exe	105

C:\Users\Admin\AppData\Local\Temp\NewUpd [v1.1.0].exe
"C:\Users\Admin\AppData\Local\Temp\NewUpd [v1.1.0].exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff8b1046f8,0x7fff8b104708,0x7fff8b104718
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=220 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,7874687435266320150,1110956113702642845,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5528

C:\Users\Admin\Documents\Release\Release\NewUpd [v1.1.0].exe
"C:\Users\Admin\Documents\Release\Release\NewUpd [v1.1.0].exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3336

C:\Users\Admin\Documents\Release\Release\NewUpd [v1.1.0].exe
"C:\Users\Admin\Documents\Release\Release\NewUpd [v1.1.0].exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5444

C:\Users\Admin\Documents\Release\Release\NewUpd [v1.1.0].exe
"C:\Users\Admin\Documents\Release\Release\NewUpd [v1.1.0].exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
239KB

MD5
8a3343997119f05f93edd44791b78200

SHA1
d5c7bea1b79beed509aa4a3b3d7d65c88a761cf9

SHA256
aa57d045f3ecac86d07df3a47acd0c952918c767369facba59b95f6739ef57b5

SHA512
fa032739277264c13a7616e930b170994f852c55650f3cf290c9c1802b36d8389383b2c4a2770a92c595ec356f21813eb87722c6bd85f24e387aa30080ca6f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
49KB

MD5
7ca090d5f0c1a9e7d42edb60ad4ec5e8

SHA1
7278dcacb472ec8a27af7fbc6f8212b21e191042

SHA256
4039fef5575ba88350a109b2c8d9aa107f583acb6cbe2ac8e609071567c4cc76

SHA512
c4f2d23eacf74f87de8dea6e4532b120253bb9ad356341532f5e1aaf2ce90d137f46b50df7de5250bce4eca1fbfb74da088accd7c626fa853dc524abad7bfe8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
635KB

MD5
b537ca5fec304dcf3ce3171edf1e8fa4

SHA1
52665eefc08697d21f82719269fbfef687a643d7

SHA256
50b93c8ccbf1304dde0b424bafadf2fb654597bf4a35def9f29356988dfeb2ca

SHA512
81ae8df536c60aa8eb9a687625a72de559d15018c5248e0bc12ce7ed45aa7b960e999b79a8e197c38ddde219aa942ba4534f154aa99386e5e242d18a7d76c805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
34KB

MD5
e85ac71b59dadc1488a1c888db91c5ea

SHA1
a4aa7fc9226bd867a978945a27fd78a0a82cc994

SHA256
7441da6812af01a6eb9afa5d602986b233a57700cb721343b0aa9830a15def0d

SHA512
2b4d952a258f9001c2d8a42402c98788759138669750667524df2031d3926e21836b037974ded859bebf88fd9296791a6a2de65561b8098f066f9cbb8ae719ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
34KB

MD5
6242c13ec6b35fed918ab71eb096d097

SHA1
691e6865e78afb11d9070056ba6cd99bdad7b04e

SHA256
b1c7566622f40bad557a6c5b7bc5b8ae25b4da191ac716cc7923282eef96034c

SHA512
52914b4ca7362e9ebe326ea89006f5cc096fd4d1c360cae33ca768af92fe6fdb5078d0848fb6dc092848ba0e3d3f51bfb20a292250c35e8bd2e79fd5a19dd7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
15f327ec699d233669e5af2c74bc4d14

SHA1
c7dd6f0bb7baf4a3c4ffb2dfc67403373d594ee3

SHA256
6a434491780628d8ede29273a2df1b9b628c053b15288a2a4473be9f823effef

SHA512
340bd9fe274b1613c17afa1cc5c6fa819996a4b300c6843de4ac69a1d9edb021e465c564773f0906ad48f462b47c6867c46b11243a1e96dd86c98801fac5e2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d0322bf70015be80bb3ca9e017d606b7

SHA1
665eb223bccff52bb6ef773064dfcadb2d420ee2

SHA256
5760602683c66667e85e16677fad9bf35a6a6b7cff5c9e4c601e36294fd5e39a

SHA512
6ab7848c1b3db91cd748aaccaf4ac976c368aa87604d0348bb551278ea4b438c00007108421e346ba61cddb0f67dc57ecdd26bc1bc94970d68be4e7b6ea085ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
83c418a362d77511c9f93d710fee9651

SHA1
c1357f5423f3b84f520b3c2896c7601259107fc6

SHA256
57b14880da8a848a2b6e270ed758f86c3fca5e884ad3fe8fa1992934f257a3fe

SHA512
bf64f71a1f25aa66675a552716d9e3e677af4b16434fbb9fa519b2e5ff9d175ad8cfff7906fdd231c89e4524dd41bd32aada8e7f06092aec4232c90d6eea1c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
e1ea6450d10a42e2023e2bbecf972fb1

SHA1
f7539ffe21ddf576422a6cb471b2208202cb76cc

SHA256
c611cdad023556bc923e0155f44ed61d3a6528955475f13f59719e58bb3e2015

SHA512
8ffa076fc01b1a4e03e72154c829d07f37f5d02ef8fb0185bdf74d57b9314d285cc5c83f272b8c0a0a7ce5a826eac22921a5f592589bafe082a34478b59c0f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65d9a30c0b3890b20d7c879dc097c6e5

SHA1
58d574779289541a5e4da9168c835f49cc6f242c

SHA256
40c6e9c02bdd50176f4f43cb78db43d8f5551cdf9fe16f8549eb2de8392a3602

SHA512
158a1c218c198ab67e3906efb430f74d2256fada69aab09bdf23ee179de0983b89e6b6f891ac6d721d5b891985e2fc47daf9730a6cd802df28abc4e81395b931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebd8c4c1f108bce60cf624745971d3f2

SHA1
03fc4d3e27ef54a64f7761860edf3c5723b2a963

SHA256
2f4298acfa328f82684e3dbf3ae6a6ef3b989b6fbefdc0f416e36431091694d2

SHA512
36d69391b487b3920aa4c32a0c1b6d693bf257273c9d00a978ea627d3eaf348490903d0b267a518c5580205e1ab153b99718c12257a00a311c7b9211fc4f387e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
10827e8f2ed4f75eb112b99411aeb0b9

SHA1
16679b95eb206386d8651699664ad656ab73451e

SHA256
a1ab9ff5ff2f88f92d1bd75e381857dc910608f3e98d6e4a8c305e99c5581460

SHA512
a97caa90070797082a34a5b2e0887135ba02cf9cf5229e224c8272a90bba14772819d868ae75d3524c8c95f986d0e765d9725b7c4c3deaeb967e42c1cf31a0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c1653fa087d9146902e196fa2b9b0fb3

SHA1
4ad25678b4656c043552395074dfc93a1fa40997

SHA256
d3203682d1fcbd7b5dc0cf981e1611bb67a2c0b94bde30be8edeff40d43e5e11

SHA512
f228bc17dd7e87a9e5cf49a17c9f3e7bdd38a72e042f9c044436d843a834d48194a9eddcba601833f9ababf6d8ebbbf5e86510a599f2cb0a893cf5f169bddf52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
dc282f5061d5c2efc90a9e770df3c346

SHA1
54880c6c87c6850e8d9f772fd08c2eaf2b70572e

SHA256
e27333bf404bb0462207e16a2188f1593bd3b9c083a701f48ceccbb3ab9fada7

SHA512
844c3d366fdf6000c1978a595bd06a3f2fd831bcee89b391f29a52593005f1a4fdaa4c1bfedd0f0e07bc5db1e378a95030da21db31798e0d083547fcb0824f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
34ad6f30e230280b8ba1f0fe1d7432d3

SHA1
9d99186e3979ec529a75f320692e1f9ed62a4573

SHA256
10fa16f05bb6c3dc9f7e149139872c8be02fc5fc15e79ecc1880210b51a5e612

SHA512
fcee982f238e8df40efa71a4e017129b6ca7875f2c86bd12d516477e5d7fa3c39531dd0f254dea99baa40bb78c09e7a3e4b1ab0c3d62878d96250ee086361d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\42282f53-6346-4f0b-8ef9-8433caa7a70d\index-dir\the-real-index

Filesize
624B

MD5
8fdced12edecedafd9b1c86a0caa33da

SHA1
172a01df02637ccbb366309629351469c2915b28

SHA256
2eabd0fb3237f76a84341110db2b040c977963f080c711c25dfa69814e78b047

SHA512
fc5715b7dec662266a10d364b774d1910c6d16dcbdb0815b4a8d2b9455c1712c5e3ce48b4481311d95e5a79837ac1f66b93898aa230698340c089347bab2d32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\42282f53-6346-4f0b-8ef9-8433caa7a70d\index-dir\the-real-index~RFe589dd1.TMP

Filesize
48B

MD5
c1a77c289ddc72cd31527d55aab66bcb

SHA1
6ebb3e0058827977e00a0ce8d023dc75764910fb

SHA256
c4ca6ac72ff2a9a8f522b5e5f23955b14bbc160cba918dbbdccdd386dd61411e

SHA512
6c7ac1f4e710146e6423242b802ed184ecb69ddf7ea670d38ecd7b8a5f5fa821f6c4a4f4c306569ea96aba9175eb2e8b1afc55cbc95b612f5a23829c33e77027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c2dea15b-8c02-4806-9efd-ab4b423a85fd\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fe910d42-5481-41c2-8ba9-7de2a610ceb3\index-dir\the-real-index

Filesize
2KB

MD5
c77768fcc918bd5ce1955256d920cc8d

SHA1
77511d1b6404d5a8ce82de129dc0e39bca116967

SHA256
4ce5f72daec2e63918eccd750148295b0cc23f37e8f96ffb27d69c3723fcbd43

SHA512
f6ad853061265d61f33d8e7904d019c19ed8e11b4333e198d9653a2acf6f2f1d39fa1741e85b33312f2ce448eadcf6a52cff80e00f6ad87ea0cd70939b18d4b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fe910d42-5481-41c2-8ba9-7de2a610ceb3\index-dir\the-real-index

Filesize
2KB

MD5
456263f130d6445389fe12e999421ee9

SHA1
a9027076589db13b268da5727e8b9427179aab3b

SHA256
aecb72bf11cd87e0d72a008a2691d6cda25e6419bff4f0bea5ec6a6cf6ca3360

SHA512
98f56ec96158e75e18eb46930d0e31cd92374d330e70fff190a85f3ea7d7d49e437fcc56b91e487c2c0884a1effb3449db09463e7429596eac90ed02c2214dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fe910d42-5481-41c2-8ba9-7de2a610ceb3\index-dir\the-real-index~RFe584205.TMP

Filesize
48B

MD5
160b19a7cc12d3a2e76a7ffa0a946d86

SHA1
cf3c79c6ad1cb2666a3410cf25d844ce48660079

SHA256
8fea84b94ac4ae9219dbd6a6b351c0a598a67d6e7df23f9712c18b70144250d2

SHA512
d159029ed5a4902fd1510881549390d97b9b02698c04bcf0783208bef05fa3252301216fa102700000aab4c6e07a509e57258785ee3a92ff20abcc31af9ab31f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
4d0d25784987769e504ebdaf576ce18d

SHA1
36858c10d332c6aa6082cf7dcbb3e6673b5165e6

SHA256
2e7294eada24899c2bad68c4a8255a9e593d98f2b3db5b2b1d192eba152980a1

SHA512
002f6eeca183ee8f4c279aca1465ec7be4eb6541f5b11cf4e845d6827d04f49c0fbb2def193471d9ba0e24e6e79e60eb0b8390f5ac856bc1d30de653a4cad9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
79f1c6d3ac63de4e6636facd0283547d

SHA1
5a4296d4e9d588e9eb282563a7a54d865f49e603

SHA256
21818e2899ad63cbadc66779eaa0edb9d9c3ae4fe1a3875d7e380e7739572832

SHA512
8324b882d60a76131a29eaa36158a8a777860791294ed1dd556f763305d33110dc7fa945a3549047332cde792f98ed1b49735be0580978154dda100a4c45afdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
6159e6e405cb8c2372f38d44e9b313ac

SHA1
7ce6697f497c53c4b5778fdb546e4e1c2cca6331

SHA256
ef1a3da1c0f061aa78376a058daedac3f67330c09fa7b4108dbebc8d0375a8c0

SHA512
4190523ee79188cddde46d8142a100ed53632bf96e9475910b13b2ee19796fca7c3784ae0a4e21b494fab8ac9c28495e395861fdd700a2353d5e5e0e7eb8b835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
2fabab45d3b046f5f7bb08c1e3daf50c

SHA1
ef7b096c573e4a1c5fd55454c35cd741d7a0b2db

SHA256
510fcdf425228c15d297d1d23d8af539d277301e41450db46bdb25cc16088500

SHA512
1e4408433a46b98b0ac87ce1ffb0631b83cf45b254e821b75ad23eaf980a162b701a285f076915bb178f115d39cd573300a0dfbd4d09a79350a52a3701cf6df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
4c2082db2e197e60168138c3f9a9e317

SHA1
3d55e8dfb4c02366e8d430753cba6a99ce33c125

SHA256
ec1cd42640a66af744f0540173f16e9047539733d6934e15e85f2e283e393ae2

SHA512
6c5cf42f9b6692b71541d2f0295712416c1f1338c996e3e56062b333b0963d4986a06f7715c131f923a301510dc464f0f9ea8a972bba216309eb327fac97b9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
1aab79c4c7404b5a20b30a55b55a526a

SHA1
2dddcd598d80daaf2eb803b5bfed68a82771def0

SHA256
8edf01c976d1c823814e010488825aa25a370fb6513364f1c2347c97fe3ff992

SHA512
e321c5f52dfe4a8bebf143d87fc153f0f524f84a58403d4e69d0bb2c4e6e07963c3335d16d785424b0ba965bef7c1a370ae3c8baa264cced4ad69a729722be30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
c47420db3062c9ba6beffb32d11a652e

SHA1
edccbd63bf1538d7b68189bd1c297a4693324f49

SHA256
024539548123a6eaff0463fea5f0b2f04a527c23dcbea93f73e62a5c5a07f622

SHA512
2a75635baebf77042de30a40aa14d677e4b065be71113555d814199ac6b06b956d74634e47ca35fbca46af7733b322a32416c4839bbe8d82192fb83eb2a1965e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
182941823bdc8b25fb38088122d14146

SHA1
8bbe0da7e374ce602d28dcaf7c581d226917bdc8

SHA256
be8d754873ded00aad761c2549d331a75b30fd34648483c6ab2d6c2ebb8e5786

SHA512
11d9989fc728f3d817adb992bc87ad23ebf7669cd80c9320d60972d22f7c8f2577912d2e3b3c50a147f02cc88e602418cc6d2a8e9f1730a236f6340d5038100f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
48fe064ca499debc3f114caeaa7c9f2b

SHA1
fa28cb7af4b4cd513af14346e5e15532bbf272e2

SHA256
77cfcdfcfb69ad5089584da0d1f5f2c8fe114d8b40a282ee3874d6181c9f04a1

SHA512
626af047534b030e56a6930608c7d72b9ef7cd167c350b3f1943d0567421e08dc7de05a08d5e7375b4f36b0f290adaee9c4540e7086588f78ac6d182982e729b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58972a.TMP

Filesize
48B

MD5
1fac499b104874332bf01ca3d719a009

SHA1
647a8d75be5fc1e9d2f0d4fa5f2f1d5e75059cbb

SHA256
9ca1e9fab0f18348c60b23484b325a3037c2427403b3636494b5c28221e5ff23

SHA512
1a7a3e749e428c59b5fbf93a926a5ee16f10329fb6b4cee88b5c6421ddf51fd047a0a8f53a6b815ca13beeeb07ed17d54ce868bb7f07644241a923b56521634e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
72ffff750885129f5dd3dc3bec08e3b2

SHA1
9bb0c3fa3c11a84181aa548bbbaa5d7a0a751f94

SHA256
64a0ea6a088d93d221bcf9af9fe3cebc84c4c0a39c99ea43bc4c618a40ab66b0

SHA512
dee3d278278e4e48501dacce0399cb6f8c1a4bb8a4de4894a4d1c41b2b31a6203f537cd7f4fac344871ede75a41ee26e812b09a4311383a14b21ad0f62bfc8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
707daa47d9adab15bf8560bd8b3b49f2

SHA1
502e25d359df0e80b71c10174259d1d2b93cb0e2

SHA256
a65a1bb8457f3957fdc6b0fa440bc649d337ad5da58c8ec9d88e43c6b8aeaacd

SHA512
11c59041d2170a01226607b86c9c7a68b0da9bfc2a4a83f79657e1748be327721919ca184b893be3bcc63448c35934c3f4cef8d2a789ead54d2e1afb38b15522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aab8930b7f19a9372838e18e8a4ef527

SHA1
99834753d8445b76cd59ca542db6c4b07e0969bb

SHA256
8515f78056ab3d0c2d27e0a920cf4d6afa64e5fe12a316a477dbf31ab9ed663f

SHA512
25db5d589eb1c2f80234af4e8a7589ac77ea24522a9234081e04fccae20e16ca5ad77d87224df5fd57f4ffca96a6f47bdbed5fc3e868332938950a3d85f4a326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586fbc.TMP

Filesize
702B

MD5
a1800e7e8e7b7ab7f78209472f67d730

SHA1
cc9716be54a89e2ef651b43f3db06dbbd66f803a

SHA256
89d75a289088cc21f1b09591fd3769c125d54916d44e70161246e822d887fc79

SHA512
d7e228fb946804ed874931fc1500ae2779a6edb8d49cdf6eab545a0baa2928b1650cb6fcecbca5e782c18437162303a39ea1f504cddc29835f7aa2de89959aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb6e70114f3ecae3536b5b2fb3a8b6a0

SHA1
bad96eda4d3de6d9a992cf90899e9c6e2e9820ae

SHA256
5eed189a2343d065f9b6ae057305f05f43fc50361e02c28e433a2cffc0b7d248

SHA512
a511a2d17867f8128249b91b8009cf14962a26511bb845b552b9ab9d0a18add4659af499205d402511a2ca87f35a2a4aca512927b4302f21eff15c65764458b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fbec52c597f9e7e23eb5cf4a5c91ced6

SHA1
01dc61084c4c0de33da446b3a64dcc6ed1584532

SHA256
4123bb66b411ab2c89f4adb4e2e3b81ff99bbdc7b7aa04d5c6c91fd05b7b6637

SHA512
77452c504a99f46b390c3acb76d2aabf92d3abf601c68c147bbf676dead09cc36c913cd121776b52470a9b05da8f0519c6d9359e1e638df3cba911fd0ca8c25d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64.zip

Filesize
24.6MB

MD5
cd2b9dfc24fdad3ec94b0a3ba218793b

SHA1
db766bbf1063841aa5e3c6920ac6966de78f1c0c

SHA256
f803dbd0b03e16dcaec88294820770c7569a00484d785ff802d265a61c1a5c2a

SHA512
8dff27bc61a586634f1585ec7829bbb8223511121fbcbdc12e161e96a73dbcee7699715eb67832e817a59054fc43088d4244ffab598ac20d5377506d6645cf5e

Download Submit
memory/2024-2-0x00000000034F0000-0x00000000035A8000-memory.dmp

Filesize
736KB

Download
memory/2024-1-0x00000000034F0000-0x00000000035A8000-memory.dmp

Filesize
736KB

Download
memory/2024-21-0x0000000001230000-0x0000000001287000-memory.dmp

Filesize
348KB

Download
memory/2024-23-0x0000000001230000-0x0000000001287000-memory.dmp

Filesize
348KB

Download
memory/2024-25-0x0000000001230000-0x0000000001287000-memory.dmp

Filesize
348KB

Download
memory/2024-24-0x0000000001230000-0x0000000001287000-memory.dmp

Filesize
348KB

Download
memory/2024-3-0x0000000000040000-0x0000000000226000-memory.dmp

Filesize
1.9MB

Download
memory/2024-22-0x0000000001230000-0x0000000001287000-memory.dmp

Filesize
348KB

Download
memory/2024-41-0x0000000000040000-0x0000000000226000-memory.dmp

Filesize
1.9MB

Download
memory/2024-0-0x0000000003230000-0x00000000032E9000-memory.dmp

Filesize
740KB

Download
memory/2024-26-0x00000000034F0000-0x00000000035A8000-memory.dmp

Filesize
736KB

Download
memory/3336-1174-0x0000000002C20000-0x0000000002C77000-memory.dmp

Filesize
348KB

Download
memory/3336-1172-0x0000000002DD0000-0x0000000002E88000-memory.dmp

Filesize
736KB

Download
memory/3336-1160-0x0000000000CF0000-0x0000000000ED6000-memory.dmp

Filesize
1.9MB

Download
memory/3336-1177-0x0000000002C20000-0x0000000002C77000-memory.dmp

Filesize
348KB

Download
memory/3336-1178-0x0000000002DD0000-0x0000000002E88000-memory.dmp

Filesize
736KB

Download
memory/3336-1176-0x0000000002C20000-0x0000000002C77000-memory.dmp

Filesize
348KB

Download
memory/3336-1175-0x0000000002C20000-0x0000000002C77000-memory.dmp

Filesize
348KB

Download
memory/3336-1173-0x0000000002C20000-0x0000000002C77000-memory.dmp

Filesize
348KB

Download
memory/3336-1192-0x0000000000CF0000-0x0000000000ED6000-memory.dmp

Filesize
1.9MB

Download
memory/5444-1184-0x0000000002F80000-0x0000000003038000-memory.dmp

Filesize
736KB

Download
memory/5444-1188-0x0000000003040000-0x0000000003097000-memory.dmp

Filesize
348KB

Download
memory/5444-1185-0x0000000003040000-0x0000000003097000-memory.dmp

Filesize
348KB

Download
memory/5444-1189-0x0000000003040000-0x0000000003097000-memory.dmp

Filesize
348KB

Download
memory/5444-1187-0x0000000003040000-0x0000000003097000-memory.dmp

Filesize
348KB

Download
memory/5444-1186-0x0000000003040000-0x0000000003097000-memory.dmp

Filesize
348KB

Download
memory/5444-1190-0x0000000002F80000-0x0000000003038000-memory.dmp

Filesize
736KB

Download
memory/5444-1179-0x0000000000CF0000-0x0000000000ED6000-memory.dmp

Filesize
1.9MB

Download