lumma | hxxps://www[.]filemail[.]com/d/ktigrmufriomthw

Analysis

max time kernel
88s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.filemail.com/d/ktigrmufriomthw

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/5492-234-0x0000000000020000-0x0000000000082000-memory.dmp	net_reactor

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5492 set thread context of 1236	5492	PASS-1234.exe	132

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3588	5492	WerFault.exe	128

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PASS-1234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PASS-1234.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe
2664	msedge.exe
2664	msedge.exe
5504	msedge.exe
5504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 4868	2664	msedge.exe	85
PID 2664 wrote to memory of 4868	2664	msedge.exe	85
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 1396	2664	msedge.exe	86
PID 2664 wrote to memory of 2620	2664	msedge.exe	87
PID 2664 wrote to memory of 2620	2664	msedge.exe	87
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88
PID 2664 wrote to memory of 1100	2664	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.filemail.com/d/ktigrmufriomthw
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8e1246f8,0x7ffd8e124708,0x7ffd8e124718
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,11823161662136936882,6090911092641743638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5704

C:\Users\Admin\Downloads\PASS-1234\PASS-1234.exe
"C:\Users\Admin\Downloads\PASS-1234\PASS-1234.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5492
- C:\Users\Admin\Downloads\PASS-1234\PASS-1234.exe
  "C:\Users\Admin\Downloads\PASS-1234\PASS-1234.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 168
  2⤵
  - Program crash
  PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5492 -ip 5492
1⤵
PID:5712

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PASS-1234\PASS1234.txt
1⤵
PID:5784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
6dc3c224ef979be78a06e7c9570b8cbc

SHA1
6663fab59e297caee7f28c8344acafda6ea7e5d1

SHA256
de475a80bca2164f6b50558529fbb579fc67198b087dc532060bdf481d66c4db

SHA512
63efde3d73a45852e1fb058d1187ad97178c2277d440750d539728cdeb951cdff3c027d7a59e81313277373ef63f2d4129d6f7596695867d2399b97d5a4dcd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3b8e6e85afd0ff200e812c156315de49

SHA1
d753129fc963fc2b39cc1d9ef87ee9950a88e102

SHA256
05bdf5ef387e2c7f7abfc77dad961ec2dba20dd109a08f2a9c1a1b5fc9471b98

SHA512
a1e94cae316f5035acc9b2294cc082bb864054f0d3d28cb6824e161866c4ed76f43f5a6e6657feb7ac2a6c7b2805d41f7dece4da08965863523cce5ee0fe8acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f95de1001fc73638807ce6aa5e0038ad

SHA1
b7f2af5bf0378ee4f530afb52514c8409379696e

SHA256
59519441d0a92bb5bb460050295102e31275918e7a9d576213202b552a8ae8f3

SHA512
9ec9f1ae2c5ad2b8e8b761682566e66db8d5b67a5134468a2adec0696fb91239dcc9c2396b7dbbd92207e9291ea12d651c906f283ea12f078ebe79a78f0770a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
720df3b08a0c410edafc041131962ffe

SHA1
c6207aba1aa5511ce9fccfec2463626cc14aa16d

SHA256
f9b68f1225fc7ba138d5707ab5cf09afba68805f4e18c4fff7430909c5448d9d

SHA512
50892819712c76f97ea29b36c4dcf19c7e8ac1ee4be314067d923ee01ef831706a8ee1258d868d40157fdc0d8dd8eac557484b89770efb47dd499c08a7284ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3853ec4f3cea1200209e7113504b4ab0

SHA1
15330db7a95e0500c1802c64caab467dab17ab2f

SHA256
d297da2129cb7079da4a4484f7a974a15378556ae12ead3bae15209f96888245

SHA512
25df5160c15d045ccab1783500cc94cb55ac2369e9870b4b603fccd03cd6a7b52a83bc645be5f07fc052aa84f2ef50a863e91a6e2e3648b29fac6fe55087e5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ab979718c9d15ba0eca4465a7e5862aa

SHA1
2e850a6bbb328d7b56c7db7698b7acad6f7f64f2

SHA256
f7dfa1f8382499466fb93a533a573fe1e9bffccd7ed6650db15967615504a055

SHA512
1912d879c1dc3f7facc31798e0981848f957d756372614db57cd91bb453031742aba1ff61f8a485ce23f26d3727eb5e9a73bf0bb673e5fb24cc4c789802e362f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ea21.TMP

Filesize
48B

MD5
b6f01d210ccde8f9b37bf0787e2acc37

SHA1
80dcafd38ff915033f3a3c682915ef51c623e22d

SHA256
660f5cc87769d3defac34eb9b0b3cb4f0be1ecaa02b4af56502e2a11f039f2e3

SHA512
c1da2cbd8ebccfea85763ad44d48a47862f7a7eb2b8d734bac0cad27fab4bf87c22cd096514b202398246e17a049ea5e4333562baac5e70ea88c108889c80427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
476ec94ea101e602b84d80468d8852b5

SHA1
272b8e83dec9300693b157ed3a677166480657f5

SHA256
e3bb094aaf84e63392769d5fb1212f60718502674041c94da804370510f0891b

SHA512
77174108ecd87974e324304ea3edae7cf998e6181a170fa0b7f554525d4522541a68b389d19d001ebb8603dada928ea6f13c58faf7f6c14ac2c62d2f2873de91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
694B

MD5
740d1f0552b988ccedcd7a4f4f246b78

SHA1
22afdd7a4599fc7bbe1ea42612c4a558413a469a

SHA256
8b2cc1dd1852a2c68c8c7eedeed656afde68dcef19922ff2de797dea06d78429

SHA512
b73ed1b48b7d3f3ee539877c1693a22bd037a8d556f910e3f008753ff019e0ba572f906ebe3d527d5cbe65ef4233fa19e0d0f0e0de9592edbf79592a19e72cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
694B

MD5
14144f6d2c65e1e2beb3f6b794bfe0d1

SHA1
06af096f84dbfb7b8ff36d18effa89868fb30796

SHA256
fb5a1d52bb23fde8536f06e2b98cbac64f900e1a23e9f99877b05dbad0b04eae

SHA512
98185b19ac09ca1b757a461bf251fdb6a480d547854c51398a7d6a811f44e7ba4472e9dc964c6322e267a29566cdb44e47b090b240d5486e40f53c387b3e3ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f83b.TMP

Filesize
704B

MD5
80b8586168a7ff10bbe10c9e7e9c3313

SHA1
528a74fddfb39d3068e27cd7aeeaba0bd2084918

SHA256
cbcdaafecc406dff37b708cebe3f8f92fd7d262f44ecd09d83a527f14473dc42

SHA512
4089b34fb429b56bff6cd9c07199d276f6500df17383ae2b5b7f469ce4305ad6bcfc6c92d06397ec39127877d9605ecf8ce504d70f537098c3f836d3a850e2cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d92723775ec667b17eb93df767f02751

SHA1
75d7f6523c1ee5a85e52802e6a0737e57d7bacfb

SHA256
4117ee905eac8989e9e0757989a92fcda73c93ded16965861f9be73d36dc2b96

SHA512
fbff043fee82fa8d75e3c4729e99d4db92329e1457ce47893f0ca142f9213229f7c639c77ee5f631ff38c64d748017102cc2e3c9b9b757ba3306548cb6c8dbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5e3c99f69d0d4f1400b67bd55fe22e64

SHA1
1c4554be3d498cc734b1ef6059364315e6557a5d

SHA256
4e4864fd8d80bad195a8f34c4c5218e3963b7d8e293a4aae53b778b0dea28a7c

SHA512
209167588a458b03fd3e8907615e3629f81312d0ec5546dbb9d67469855c7fed17c23209a951bc6f7526d063dc05d38c290e320c0aa10b6b5f1c992e801dc73b

Download Submit
C:\Users\Admin\Downloads\PASS-1234.zip

Filesize
36.9MB

MD5
35c7317f931ba4a72ee40cc109222d75

SHA1
354553bde5f4492db7d32ce1edb0e29db5a7a471

SHA256
20dc8e516be4ba89b5a2221ad762682bea3ff3fd31417859df18109168e27f69

SHA512
82461d39ee8f1380b6335b87e143ead27e85508ed9a393c347d4d0531791f6a7a8055a45ceada158896d8092424a688ad0ad368effe93e9108952b019dd48826

Download Submit
memory/1236-237-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1236-238-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5492-234-0x0000000000020000-0x0000000000082000-memory.dmp

Filesize
392KB

Download
memory/5492-235-0x0000000004E00000-0x00000000053A4000-memory.dmp

Filesize
5.6MB

Download