Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.filemail...

windows10-2004-x64

10

Resubmissions

06-01-2025 19:09

250106-xtv3eswrdm 3

06-01-2025 19:04

250106-xq7xtavkey 10

Analysis

  • max time kernel
    64s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2025 19:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.filemail.com/d/ktigrmufriomthw

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.filemail.com/d/ktigrmufriomthw
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:452
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d06b46f8,0x7ff9d06b4708,0x7ff9d06b4718
      2⤵
        PID:4232
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
        2⤵
          PID:4544
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4840
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
          2⤵
            PID:2920
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
            2⤵
              PID:4140
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              2⤵
                PID:832
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                2⤵
                  PID:3648
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                  2⤵
                    PID:4904
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
                    2⤵
                      PID:4300
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4552
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
                      2⤵
                        PID:3752
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
                        2⤵
                          PID:4796
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
                          2⤵
                            PID:3976
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5948 /prefetch:8
                            2⤵
                              PID:2464
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
                              2⤵
                                PID:4904
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
                                2⤵
                                  PID:2124
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,638430737681268541,5589517983623891546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5860
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4872
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4276
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:6060
                                    • C:\Users\Admin\Downloads\PASS-1234\PASS-1234.exe
                                      "C:\Users\Admin\Downloads\PASS-1234\PASS-1234.exe"
                                      1⤵
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:3040
                                      • C:\Users\Admin\Downloads\PASS-1234\PASS-1234.exe
                                        "C:\Users\Admin\Downloads\PASS-1234\PASS-1234.exe"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:5892
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 800
                                        2⤵
                                        • Program crash
                                        PID:3064
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3040 -ip 3040
                                      1⤵
                                        PID:6028

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        85ba073d7015b6ce7da19235a275f6da

                                        SHA1

                                        a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                        SHA256

                                        5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                        SHA512

                                        eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                        SHA1

                                        010da169e15457c25bd80ef02d76a940c1210301

                                        SHA256

                                        6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                        SHA512

                                        e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                                        Filesize

                                        215KB

                                        MD5

                                        d79b35ccf8e6af6714eb612714349097

                                        SHA1

                                        eb3ccc9ed29830df42f3fd129951cb8b791aaf98

                                        SHA256

                                        c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

                                        SHA512

                                        f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        408B

                                        MD5

                                        20b8be5bc92f55788a6e586f52c0baa0

                                        SHA1

                                        d66d6a890b555b8c5de8c6bb8d8c3c6b27970521

                                        SHA256

                                        eb4f22cab048dd00a27228d8bb7c234f78099485256d9c33da63fcca4ef49228

                                        SHA512

                                        730551f19b6b804b0dd4df030aa746b68eb290e6a4d08b24791516de5d4a888075aa3c61d47dacb027fa15b1bb866ce1a6f4d682e898fb00de27ae2bc1271577

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        7KB

                                        MD5

                                        c8616c9d9f615eac48c44f42a7e7fc0c

                                        SHA1

                                        f45e0890c1eea45039b98a4643986a5d534fcbf1

                                        SHA256

                                        e413c23eed9faf06bfa6c35247649b9d2290deef6913dacfb2e92002d1184a3e

                                        SHA512

                                        0a433bd60f9ce3eef68851ed5886c15a57bc40d70e7a589466b81ac76d420bba1b01cfd5a1133819ecea6a689b8a0d96099b500bb4cdf04d0b39bada389328a8

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        7KB

                                        MD5

                                        a5b87163a3d45f228a98860d16ff42b8

                                        SHA1

                                        bc0166a919d01346e73718dfa8b991a0162fd022

                                        SHA256

                                        7cca966e21a2eb06889c8d673a8452424f8cc242c1e2e3341faa62a6618e1bb4

                                        SHA512

                                        10ee0c9f8f6f1c9fd3999b602968bcd799373bd48ad8c8ff7058967271d187d965f8ba4a7c1b7ffb2dc23228ca7298cdd29d7697fdabae3efb0fdb686d24233e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        5KB

                                        MD5

                                        67cbb14c4eec9eeb5c0ecd64caeca594

                                        SHA1

                                        7bb7f5a7796d4e4a74bb292f7989ccb2f7468277

                                        SHA256

                                        a9d22a44a82eb2e82e2715475d89ba8c8acf1069fe2620f36d29fce3b9b6c97d

                                        SHA512

                                        109e08949e69c185a3d95e051bbec1a97e7964b77bac17d64f63824fed70317e9da2008482e9f6da1153d92342ac2708ce796e94d43bb5732f11fe62673fb5fc

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                        Filesize

                                        72B

                                        MD5

                                        c948763ef1d531b2a472c0d322f71691

                                        SHA1

                                        2cbb956272c9fc648e8bee23ac6933975c98c2ac

                                        SHA256

                                        4b93ddb3b747da14873d32f410de0cafcabb507081951b549634c1f0e4243937

                                        SHA512

                                        2a63f5a3faf42b92e5ed114595a95f9d1fb495f3bfb3fc5973938512ffc8904528ed5f1e82bd2cdc12df2680b3049a6fe602f889f1395a8595f35e6eeec69e67

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cd81.TMP
                                        Filesize

                                        48B

                                        MD5

                                        b5debfe683db6d1c17f2387641412b1e

                                        SHA1

                                        e74d90104c9fdf1994b5d61d650d591f5d197970

                                        SHA256

                                        b5656ab7fedaed9b34ce28c98779d455a20280d8182f0e7b4c9039a0a01385fe

                                        SHA512

                                        0907f863452c86ade718f5c63013ac9b7f3483353faed32973343c97fbd210b38ded7031b7300fae81d8fa8d28285358d1f4bfba2647eb0b4cf1fe53f6bd157c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                        Filesize

                                        704B

                                        MD5

                                        3910091f0ed6a805de58c46bf9a09879

                                        SHA1

                                        f5a6e9dceb9f9dddc5c6a58afddd012563283824

                                        SHA256

                                        11562247fd9d00ea26a96aa24d2c013e8de90b1b19414307268ff12198a5925f

                                        SHA512

                                        98489e4f7af7aa683af854ba236d4499814d27d3a76e9049a232146874dd51b7d54c9a01e5b843e85ce2ed68f8128d79e9673a54f5578e65159690804bb9ff14

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                        Filesize

                                        704B

                                        MD5

                                        2f9e788437a140beff6327b90ebd2239

                                        SHA1

                                        bb35597c53317f7bbeea5be503616f230817b303

                                        SHA256

                                        1ab63e530cfefa94aed07aabe0ec691006d4d2420bd5e2a8cca074cdb25af1cc

                                        SHA512

                                        970c0b8e6837bce40e03c525af3464dab2b06a60eb2f6bf35292357e4c0ab1b7484c1d8c105db52498265c6d8300f26df6f1b9adb905a4e8da2f37c21b589a9e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ddae.TMP
                                        Filesize

                                        704B

                                        MD5

                                        c90565d4aa4a71dd4053cc1ebf1f6cf8

                                        SHA1

                                        da957eb73e1a3eea02c8cb0aa748dc973c97b9df

                                        SHA256

                                        c155c320716892f28085975ba04dd1029840b6a269f57f32a3e900c61849a11f

                                        SHA512

                                        cd8e3cc648ef36c63bc459a3eebd5be6e7dc725d7d055d28e7eb80d9c5e0d65ae3dab845e6e13be7bbcdc8bc13eaa6d31d5f303e76aef1d65f866582a04ec9de

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        6752a1d65b201c13b62ea44016eb221f

                                        SHA1

                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                        SHA256

                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                        SHA512

                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        10KB

                                        MD5

                                        01abc7d7c040144eebf0c8431b3be923

                                        SHA1

                                        90cf9bc93e7a6a428e7247e2b647cdc482be5481

                                        SHA256

                                        2120438aa10587685d868ef8b0480e08f3b0a8e922d08bd33eecc438c15cfab1

                                        SHA512

                                        1394467622c2530b096b231cb3d4507a4c3f0d209cdf4c609fbdc5a59db46d55e470240da5ca6d1e8c0162b7b577fbdc1cb6a135203019102a198b1caba788f7

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        10KB

                                        MD5

                                        fffc5d6d12c700098255c9e58f9e8343

                                        SHA1

                                        9f2ed490be3d86ce28578007916752749bc86026

                                        SHA256

                                        3dd0f5940a24c59d44cba357326b9551cf7892e02655e7e8f219d73695d9eb46

                                        SHA512

                                        1ce2f24ef01a1fe0db2b38a50449cea80e0d855884861f60d60dbe3c55939c20fc3930815b159efd9f58360cb83159a965aab118b33ca02b10b5d557f026f1c4

                                        Download Submit

                                      • C:\Users\Admin\Downloads\PASS-1234.zip
                                        Filesize

                                        36.9MB

                                        MD5

                                        35c7317f931ba4a72ee40cc109222d75

                                        SHA1

                                        354553bde5f4492db7d32ce1edb0e29db5a7a471

                                        SHA256

                                        20dc8e516be4ba89b5a2221ad762682bea3ff3fd31417859df18109168e27f69

                                        SHA512

                                        82461d39ee8f1380b6335b87e143ead27e85508ed9a393c347d4d0531791f6a7a8055a45ceada158896d8092424a688ad0ad368effe93e9108952b019dd48826

                                        Download Submit

                                      • memory/3040-221-0x0000000000B50000-0x0000000000BB2000-memory.dmp

                                        Filesize

                                        392KB

                                        Download

                                      • memory/3040-222-0x0000000005A70000-0x0000000006014000-memory.dmp

                                        Filesize

                                        5.6MB

                                        Download

                                      • memory/5892-225-0x0000000000400000-0x000000000045B000-memory.dmp

                                        Filesize

                                        364KB

                                        Download

                                      • memory/5892-224-0x0000000000400000-0x000000000045B000-memory.dmp

                                        Filesize

                                        364KB

                                        Download