lumma | hxxps://roxplosx[.]ws/

Analysis

max time kernel
437s
max time network
472s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roxplosx.ws/

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fastysticke.sbs/api

Extracted

Family

lumma

https://fastysticke.sbs/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
4676	msedge.exe
4676	msedge.exe
1496	identity_helper.exe
1496	identity_helper.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4784	msedge.exe
4784	msedge.exe
1956	Bootstrapper.exe
1956	Bootstrapper.exe
508	Bootstrapper.exe
508	Bootstrapper.exe
2668	Bootstrapper.exe
2668	Bootstrapper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 4624	4676	msedge.exe	83
PID 4676 wrote to memory of 4624	4676	msedge.exe	83
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 3976	4676	msedge.exe	84
PID 4676 wrote to memory of 1228	4676	msedge.exe	85
PID 4676 wrote to memory of 1228	4676	msedge.exe	85
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86
PID 4676 wrote to memory of 728	4676	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://roxplosx.ws/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8df6046f8,0x7ff8df604708,0x7ff8df604718
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,4604367679868012272,14589623245254881459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1200

C:\Users\Admin\Downloads\Release-x86 (1)\Release\Bootstrapper.exe
"C:\Users\Admin\Downloads\Release-x86 (1)\Release\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1956

C:\Users\Admin\Downloads\Release-x86 (1)\Release\Bootstrapper.exe
"C:\Users\Admin\Downloads\Release-x86 (1)\Release\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:508

C:\Users\Admin\Downloads\Release-x86 (1)\Release\Bootstrapper.exe
"C:\Users\Admin\Downloads\Release-x86 (1)\Release\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
21.1MB

MD5
16906fb6ff373aae05e62b354cf77f83

SHA1
14ee7ab502b077cc991866d27acdaee052c2d8ab

SHA256
10f2f9006054cd92864753fc0805c8623e7a4d135db0cb39c1c5c0f35f4931fe

SHA512
1accfb5bb3b6489fc4c4b0042bddf618e75860ffc82792e06a6671390aebf688f188be566cd246423f6728898cda23bc8f841d555a09e9ef362eadb44133cc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ebb6423e735f13aeb081ea59daa7ee35

SHA1
3801594de4bc9c56a424aa11ed58f5ee6b13f568

SHA256
8154641bee6f4027919971fdb13f8ef23a8907983861ed8bd368c8f231eb1c82

SHA512
2a6c4921a41111d936f618deeaf0591dd7a6d25a47f535c5a4354f2dedd6b56f380175b422a5eefa6cafca361674222c3782ce0c004d3277a0aa8c776c39d46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
32af9890f3e4d7a13dd0238032cf565c

SHA1
49a81b89609f92cddf2be3603edfb35337dba9a2

SHA256
1ca34e30c134b5e0945d46a4f9ea460dde74b34ca49609c77a2c397ae72dcc05

SHA512
d022eb4e86b0eba107b5ce18df076f9fbb6fdcd1ad6c53fcd1effaeb0f0ae8e90e895914dafcd79b731f6ec5113cd39e42d5381ddc994e82d6d7162f808e5056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
01b2a047d657dcc37c95ff6fe3192172

SHA1
5a3abf2b2f0086e9669757d2fa497df4eea4a9d5

SHA256
c954c0dd8505010810028c6ecbcbabb39cc119b43160f4c7b7ef2f094c7494a2

SHA512
464be41f697a389d0695659b865ae4b494860008d527517ee61e2dea6fb63afdbadce1c343116572e8e38eb8b4de5e9a0949aa31f998f3b06c83242866a13fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d4678d60370edc034a30dfaf03e9b03a

SHA1
97eea19637b8f00331b259edfcc120303b765370

SHA256
2066beb1abb003fa1af38283c2b44d2220370a007af9bb0e722db853aa4dcd4d

SHA512
893ff89abec635e37163dfa6ddba1ba11ffa927a603901a00f4ab8a447f40b5832ebecef905fe05b7e07d4878dbb33ea4c08c7ae8707a1e0bd920c491c792855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6e7fa4ee019a3b71cfc1f3b00a805955

SHA1
998e84f7c5b019f62fa694acda2f89b845e45882

SHA256
587f09c6a6214efd0d18520525ae35b6726cc2fef439e5a7f0cbc0d2b8fc4e55

SHA512
0bd5365240da5a6127e972679618c6a9b6b26fd1474037c3fba3f5792b57d735e99a9bda88f278eedf9ea7166f4677cb7a36c8006a398b2fcf468c53e92ad333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
761c2d5679a8e6ff0a8d7eb0b9257dee

SHA1
3e29f6223ac2c10c3634c03a6a9934910fc4c16b

SHA256
776473832d08c855648611948f3b4c199e4c17155526129a2bd8183ad4772ad0

SHA512
4a8011de50fc6d32e60f7ef396cceaaa53efd88ee8ba886e8e46507046375d1ad720b56862a26426e4fbdefef3f1c4c847b4316dc64527fdeef61b3ba326c294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
95918d8d45f6e9d1c08625c97b3acc4c

SHA1
c7d8efcfcec9e865e8a5d3020bb15988a192b673

SHA256
6fcdef246e909de0444621eb7896f07f2c86da50d56652b502756ed935c831b7

SHA512
c62045f5af5983fa3dd3277f304d3fa236e5279879c0c6d432af324718798813efa39f6a019f77de96cfb13214a9a5168191bb4a242f1ac66c63bb275e1e05e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eeabf91b9da033ca9842b05b39ee786d

SHA1
07eae6f9e01cc4f64786cd3800f7c27f6d522051

SHA256
6996ff9135deafa7491303c0067413325ad3f933eedd716e3280ad2b3c6d5d11

SHA512
6aba321be7f014d21a7383e6885a74393d9d2b9aad59439f47036a235de3ebb4d155962d92704f2c1ffc632a5dbb39addbaf237db2ab02e604f8fd21d5ae33a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d931500204bc1b9f32c6019946bd0e8

SHA1
b441a2fd27684fae956347267e3834d91334f107

SHA256
8af2c3f721971174950d0a1fc399e7b2864bba1c7a782b3df8343b7d80201b77

SHA512
4ac9805405b6d86a44f7fd637e3750e0a26d5d6996cf41ccabb82880e931b27ef272b163659ca7fc7628e0df23986ced4c3471dd46f58c879bc225ce5bd43354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e6fe0f79fc28e555cad65fb00364580

SHA1
bed40021c7772979025fc29fa2b9c9165c339fe2

SHA256
83f95e4fae8a86870260446140ca38c624896ba8b63d38fe2c86c19db434ffc3

SHA512
e6bf7d6b806c855fda3655e14803e40dd2e4a1c11c2d7b9a2644a42a76b3fe64e2622753b618592679592b42ac540d0bfced9e0743ee2852db62ba00f55d9b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a2240ec6e5b5fc9a3198a29b4f55ca0

SHA1
a71f6e5dcfb16f8baff8dc73c985c45aaa135db4

SHA256
f039f6e0b8aac019c32cb4aee9fee3ab6aebd29551a619bbdef490c95123f52a

SHA512
2b33e9f01d5a97235a0f426bdd9599ea278dd61e319dd11193f3fbe8e1032c61b3942f9ad075d6d42fe0a715c40df0a170ead981e446955421810b76f70acb11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
268f54d26c0425873a0ada781ff7cc38

SHA1
8048c2bc981492020db9fa6ddf9eb8abb79d0049

SHA256
d6be27dc2b556aebaab35e8a6af35e306be76278f8efb2ed8ad903017cb6af26

SHA512
42d711d2135d39d1b4d37e7a8038b5d02581226dc8f577b1ecf024ef8c5bcbd4d7807c217c704c0d2b117c432695a1c727e58579d8791041549d9ad9ddb18341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ad28c6fba95fdfdba5c68e6d1aae06f

SHA1
e2c16ddf2bf0538bbe790519df5b94b44f5c7374

SHA256
d6237b5f3c9a16b99378bb0dae23c6d270d6b952255184d72f79daf429e6c3b1

SHA512
10d316c7192bd4533ca326dd7da173e1d90ca64f147e29469cdcd009397ee013f443d1b4444e3b30495e4dff6998917e79549dc3ac145a8d704c1f312449c256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9abfc1babff6e5ae7db8155e3c0d166

SHA1
24380d11aa90e3eeebefcd82912d1626d946f862

SHA256
c8fe206cda443fb47b43a0aac82d0196a37973b4e98b7b07d25aabd6cf1339e3

SHA512
3de80befa6175e3af5c09ab8424b6ffafbac7d828c98906427a1c6ff708ba06740b011a9faa415abfa6c0004355de85c1be220a5e9052fd17931150b4115befe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f5f9.TMP

Filesize
539B

MD5
04aeebe50dda48fc0c5fd50591ad53a1

SHA1
0389e1b2fafe788b627aed9bac89c61d66091d04

SHA256
bf2d4f361a4612dac7f4a4c19a3c4ba7c53dfce09b6cae5a4fa6a10594df3b10

SHA512
7022cc790103f4b58e233a18e3b62b17df126e5092ae2908d0ed4594b9766c39677c3f6270e3a662a3f69144390b4e18f8bbc895b4c38e1bf6b7d76ea2203d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
47d218db6e67fb11610239eb577e5cb3

SHA1
1a12c689871f6969f9e381551e446fd93286c954

SHA256
45e45bfafc1f8ed3472dd994e25d8714f3873296b2bee71c39b5693f0ad44dd4

SHA512
95b77d36d23ee93b5d159b32660ef9e8cde04564a31a3b031980fb807d371b0c5dc8b44b575ecc0a1b958ff4c6f0c4112c8313bcffb8dca8b4371a9048cbbda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cb46ef7723c56d69e7b30e54f5a89870

SHA1
86ce2413c1460d1553b8ddf2a09038854670ab0b

SHA256
c52f29061debfde01c5f3a7d272fd917c77a722931d337e55ceb620ce3b9f2df

SHA512
1dccbd9c57ab3c234ab51b2976c4beb1d22bc59bcda537e58c43fce091ac1b78583dda5f9f99b6549fec513ab9fbe25f567bb52960d287c6c6c3d502fcb6b291

Download Submit
memory/508-352-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/1956-341-0x0000000002460000-0x00000000024B5000-memory.dmp

Filesize
340KB

Download
memory/1956-342-0x0000000002460000-0x00000000024B5000-memory.dmp

Filesize
340KB

Download
memory/1956-344-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/2668-351-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download