Overview

overview

10

Static

static

10

rihuata-ma...sa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...la.exe

windows10-ltsc_2021-x64

10

rihuata-ma...aa.pdf

windows10-ltsc_2021-x64

3

rihuata-ma...gh.exe

windows10-ltsc_2021-x64

10

rihuata-ma...er.exe

windows10-ltsc_2021-x64

7

rihuata-ma...er.exe

windows10-ltsc_2021-x64

8

rihuata-ma...er.exe

windows10-ltsc_2021-x64

7

rihuata-ma...ee.exe

windows10-ltsc_2021-x64

8

rihuata-ma...pa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...sa.exe

windows10-ltsc_2021-x64

rihuata-ma...ii.exe

windows10-ltsc_2021-x64

10

rihuata-ma...sa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...sa.exe

windows10-ltsc_2021-x64

7

rihuata-ma...lu.exe

windows10-ltsc_2021-x64

10

rihuata-ma...ad.exe

windows10-ltsc_2021-x64

10

rihuata-ma...sa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...rs.exe

windows10-ltsc_2021-x64

8

rihuata-ma...wa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...ad.exe

windows10-ltsc_2021-x64

10

rihuata-ma...ad.exe

windows10-ltsc_2021-x64

10

rihuata-ma...ix.exe

windows10-ltsc_2021-x64

10

rihuata-ma...aa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...aa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...wd.exe

windows10-ltsc_2021-x64

10

rihuata-ma...ee.exe

windows10-ltsc_2021-x64

10

rihuata-ma...aa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...wa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...aa.exe

windows10-ltsc_2021-x64

10

rihuata-ma...ka.exe

windows10-ltsc_2021-x64

7

rihuata-ma...da.exe

windows10-ltsc_2021-x64

10

rihuata-ma...de.exe

windows10-ltsc_2021-x64

10

rihuata-ma...aa.exe

windows10-ltsc_2021-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    145s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    05/04/2025, 12:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rihuata-main/mumirolepawers.exe

  • Size

    137KB

  • MD5

    a1589065a8e34c3f551031d41860a5fb

  • SHA1

    4829223737ff1c274f6a58b0f6be39af12ae9fd0

  • SHA256

    fb56c1ac1cc933ab05f02a39937dad20960bf71144358ac3b99262f5c1ab2493

  • SHA512

    1e81df29dcc8d09660defea508dfd3cbe954b20238f80e67d0207c5a1cc5318e243daebcdd1c46045ea71e589bc8d2c1ec11beb1ddbdb79917aea2c608c1188d

  • SSDEEP

    3072:aVvH8RuVrLyEj/S2CUGACcceJd/klDHa/R8mxu3s8QOPu:KH8RuRLlzgUd6a/AslOPu

Score
8/10
credential_accessdiscoveryspywarestealer

Malware Config

Signatures

  • Uses browser remote debugging 2 TTPs 8 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rihuata-main\mumirolepawers.exe
    "C:\Users\Admin\AppData\Local\Temp\rihuata-main\mumirolepawers.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
      2⤵
      • Uses browser remote debugging
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4068
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff838a6dcf8,0x7ff838a6dd04,0x7ff838a6dd10
        3⤵
          PID:1560
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1608,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2196 /prefetch:3
          3⤵
            PID:4620
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2052,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2024 /prefetch:2
            3⤵
              PID:4688
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2412,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2564 /prefetch:8
              3⤵
                PID:4832
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3008,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3116 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:4820
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3016,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3156 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:4912
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4184,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4204 /prefetch:2
                3⤵
                • Uses browser remote debugging
                PID:1840
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=1708,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4692 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:4960
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5352,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5288 /prefetch:8
                3⤵
                  PID:4136
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5436,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5452 /prefetch:8
                  3⤵
                    PID:5136
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4820,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5708 /prefetch:8
                    3⤵
                      PID:236
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5756,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5720 /prefetch:8
                      3⤵
                        PID:3104
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5676,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5808 /prefetch:8
                        3⤵
                          PID:6008
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5732,i,3394490123706739502,9693088942493380637,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5384 /prefetch:8
                          3⤵
                            PID:4352
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                          2⤵
                          • Uses browser remote debugging
                          • Drops file in Windows directory
                          • Enumerates system info in registry
                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                          • Suspicious use of FindShellTrayWindow
                          PID:3528
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x274,0x7ff838eef208,0x7ff838eef214,0x7ff838eef220
                            3⤵
                              PID:5804
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,8871844160502217739,3082318124513423236,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:3
                              3⤵
                                PID:5992
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2184,i,8871844160502217739,3082318124513423236,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:2
                                3⤵
                                  PID:648
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2500,i,8871844160502217739,3082318124513423236,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:8
                                  3⤵
                                    PID:4412
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3556,i,8871844160502217739,3082318124513423236,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
                                    3⤵
                                    • Uses browser remote debugging
                                    PID:6092
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3560,i,8871844160502217739,3082318124513423236,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
                                    3⤵
                                    • Uses browser remote debugging
                                    PID:972
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\lno8g" & exit
                                  2⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:2860
                                  • C:\Windows\SysWOW64\timeout.exe
                                    timeout /t 11
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    • Delays execution with timeout.exe
                                    PID:5768
                              • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                                "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                                1⤵
                                  PID:4696
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                  1⤵
                                    PID:5312
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                    1⤵
                                      PID:2644

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                      Filesize

                                      649B

                                      MD5

                                      ea04c4304442f5b5ef002d03c08c876b

                                      SHA1

                                      469bc43e0e3f4944129c6077b1a2cdfe339d6abd

                                      SHA256

                                      e6f6fa1d81bff4f7c95b7b519954b916ca7b3406f6db261f13b3848c2048d7f4

                                      SHA512

                                      fe30e20ea981d338ff938ac52430ed89d99c232a82d5e513bc58de12958ca3e9b063eadb0a29207e2daa2a4959dcc194d3f554c9a02ac1b2130a0aee81cd392d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      c85a243363ca71a909fb5313dcddf44a

                                      SHA1

                                      547e56d464350c8dc7c28866cea54f8f3ff66f7c

                                      SHA256

                                      5e46b7c0b3987e05a94401000a7133ed860a551316240f5e6446ee45ef91a18d

                                      SHA512

                                      565409a978bc8c08b5ca1b438e2291c51cc62ab2cf7932785033d92c1e6879507115fbeb3b2d03c3247f771118e0c5080b6d33db40dbd55a0e932f267e904e12

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f5529e97-35a4-480c-b3a6-3a4067a8591f.tmp
                                      Filesize

                                      2B

                                      MD5

                                      d751713988987e9331980363e24189ce

                                      SHA1

                                      97d170e1550eee4afc0af065b78cda302a97674c

                                      SHA256

                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                      SHA512

                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                      Filesize

                                      10KB

                                      MD5

                                      b55613a6407a6ac541d87b20b45baa97

                                      SHA1

                                      9575ac5f00f9e1872ca2af5bcd38d09f52a20b31

                                      SHA256

                                      e66bb3c680efa9c86864540aedbc806e8a39094481388ce9dcbda0e622b28957

                                      SHA512

                                      c42bb647782bc96237fe0dcb81d757f653b6d1abb4ef3aef28a1353e529eaf8671ead88c4a04270ab9c95be6c54f7a2832dccd0cd28d4cfc6595e62480cb18cf

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                      Filesize

                                      18KB

                                      MD5

                                      201df86d49d0da33e29bd585b656e004

                                      SHA1

                                      eb68df64dbd6c3749f46632c3fe7f6246b17e5f8

                                      SHA256

                                      26bb03cc388839b8be570f05a03b915072b177c0564059d3fab88b0d7434ada5

                                      SHA512

                                      557bc8a056f978c575e120bdb428a3dc5af39668157e9918c2d46e2ff613943738e003074f0c0f4facfc7b0c12d095d9f39344c6099811a21291567851b3eb95

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                      Filesize

                                      153KB

                                      MD5

                                      3bf3a2839ce98cd83ec571314c9b911d

                                      SHA1

                                      8c0da9f7de3b1051ea09bfc2997efe40522ce8f6

                                      SHA256

                                      83351e0e2f21faef0cc08046e551525df549a5205ac74f7016f10dc10a7ad81c

                                      SHA512

                                      54f8ff710821d6f5c11b9a737fb841e8781c4eca6f658402474b129449e7935eda2e4202b8d5703698c61dd7e3e511b34abdd914c6658b94ae19229b35758bb6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                      Filesize

                                      80KB

                                      MD5

                                      1d726e271e083b50f75a233e5cee1498

                                      SHA1

                                      d8ba53c10a8b1aade6e8cc705917ec0b480f4657

                                      SHA256

                                      eb5b930e40d5ef44b9cbc62889c38ec2b6a1636940c8aed376994d0f0a002f3a

                                      SHA512

                                      9c59db6ee47c087f1626792f2c9333ecc61ac8efc115b67a9f6489bfd79457d27fd0e8cf1dab3aff8ba9f077f53b2af61194aecd8f03465c57c0f60521e1b674

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      280B

                                      MD5

                                      77532bfc14c90e92c2c117f6625e41d1

                                      SHA1

                                      7ba952d5e18485d66976547fb8f47b2aaffeab80

                                      SHA256

                                      587fe94912145359072577e01c7fe95e0fd4e6972e35f0a6a4d464382d8237f7

                                      SHA512

                                      1b1b9ed2c3012cb6371b05681acf995a15feab32f0bc860bd4c441c1a1dcd8bd1a9fc7985fd10c16674ee7423a86c479a241dd5d1c843fb70962504db0eb82a2

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\60b34f44-5474-43a4-b5d4-58aa2af8012c.tmp
                                      Filesize

                                      1B

                                      MD5

                                      5058f1af8388633f609cadb75a75dc9d

                                      SHA1

                                      3a52ce780950d4d969792a2559cd519d7ee8c727

                                      SHA256

                                      cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                      SHA512

                                      0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5bea1764-b070-4aad-8261-2a922c58cde7\index-dir\the-real-index
                                      Filesize

                                      1KB

                                      MD5

                                      93d90034c7f022f29bee7d797321f6a6

                                      SHA1

                                      fe1f5823fbc5269dff19dac6671602c9aa769352

                                      SHA256

                                      7eb9441d42dd2884fc6db3bb9484524f8f41df3485d8b554c54dc720f50d67fd

                                      SHA512

                                      78da6779a12e0d182498b51388f9b356cced8418d0c3c4ad00acdf18ce1e1f87c52a87013bcb042d955cc64af608827f013852b6f9d17563616478be01db0ea8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5bea1764-b070-4aad-8261-2a922c58cde7\index-dir\the-real-index~RFe57f0e8.TMP
                                      Filesize

                                      1KB

                                      MD5

                                      9a72aa59412b182b23fb8c0db4faf5b5

                                      SHA1

                                      aa9e3cab2ba053bd65e8eebf5773db284cfde22e

                                      SHA256

                                      792f232e5f219269386f5a7e7b55bacbfcfb80c7127277a0c097ace188f6b708

                                      SHA512

                                      dca41a56be8105545287f6c2406aee27ecf2b113a1486e97479c58c4186dd05883a58f85286a598f41df1052f8a75ff638d6286b6ab0b5ea2112b2fdd4f6e959

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      40KB

                                      MD5

                                      60803af570f99b687264ba717b374bdb

                                      SHA1

                                      b5fe9ba266c0948d743de25b7776cfa6bc064ef4

                                      SHA256

                                      b18766ddc3609da118aa24ba7da86677252ebb6c6a0f38b0ecec91c9ef439265

                                      SHA512

                                      57d9cb442b997a99287ab5d3239c53f2f6cce3af1cbf418713954485659b42cee7beafaf68e2951bc05c75b00d4f01bc6c72876b67f2380c55c1b1c0d8b2ef34

                                      Download Submit