Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://loaderaura.c...

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2025 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://loaderaura.com/s/aura

Score
10/10
lummadiscoveryphishingstealer

Malware Config

Extracted

Family

lumma

C2

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://letterdrive.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Suspicious use of SetThreadContext 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://loaderaura.com/s/aura
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3344
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb41d246f8,0x7ffb41d24708,0x7ffb41d24718
      2⤵
        PID:2272
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        2⤵
          PID:2440
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1976
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
          2⤵
            PID:3984
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
            2⤵
              PID:1104
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
              2⤵
                PID:3064
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                2⤵
                  PID:3244
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
                  2⤵
                    PID:3956
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4192
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                    2⤵
                      PID:2692
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
                      2⤵
                        PID:2956
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                        2⤵
                          PID:2396
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
                          2⤵
                            PID:2480
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6508 /prefetch:8
                            2⤵
                              PID:1036
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
                              2⤵
                                PID:3416
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
                                2⤵
                                  PID:328
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
                                  2⤵
                                    PID:4568
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
                                    2⤵
                                      PID:320
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                                      2⤵
                                        PID:3664
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
                                        2⤵
                                          PID:1648
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
                                          2⤵
                                            PID:444
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7052 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:3844
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11504764238485603017,4610366530873581770,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7036 /prefetch:2
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:3228
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:4280
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:2768
                                            • C:\Windows\System32\rundll32.exe
                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                              1⤵
                                                PID:3528
                                              • C:\Users\Admin\Downloads\Aura\Aura\Aura.exe
                                                "C:\Users\Admin\Downloads\Aura\Aura\Aura.exe"
                                                1⤵
                                                • Suspicious use of SetThreadContext
                                                • System Location Discovery: System Language Discovery
                                                PID:5020
                                                • C:\Users\Admin\Downloads\Aura\Aura\Aura.exe
                                                  "C:\Users\Admin\Downloads\Aura\Aura\Aura.exe"
                                                  2⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:4032
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 136
                                                  2⤵
                                                  • Program crash
                                                  PID:3628
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5020 -ip 5020
                                                1⤵
                                                  PID:4440
                                                • C:\Users\Admin\Downloads\Aura\Aura\Aura.exe
                                                  "C:\Users\Admin\Downloads\Aura\Aura\Aura.exe"
                                                  1⤵
                                                  • Suspicious use of SetThreadContext
                                                  • System Location Discovery: System Language Discovery
                                                  PID:3724
                                                  • C:\Users\Admin\Downloads\Aura\Aura\Aura.exe
                                                    "C:\Users\Admin\Downloads\Aura\Aura\Aura.exe"
                                                    2⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:2324
                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 760
                                                    2⤵
                                                    • Program crash
                                                    PID:2020
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3724 -ip 3724
                                                  1⤵
                                                    PID:4800

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    bffcefacce25cd03f3d5c9446ddb903d

                                                    SHA1

                                                    8923f84aa86db316d2f5c122fe3874bbe26f3bab

                                                    SHA256

                                                    23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

                                                    SHA512

                                                    761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    d22073dea53e79d9b824f27ac5e9813e

                                                    SHA1

                                                    6d8a7281241248431a1571e6ddc55798b01fa961

                                                    SHA256

                                                    86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

                                                    SHA512

                                                    97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                    Filesize

                                                    215KB

                                                    MD5

                                                    d79b35ccf8e6af6714eb612714349097

                                                    SHA1

                                                    eb3ccc9ed29830df42f3fd129951cb8b791aaf98

                                                    SHA256

                                                    c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

                                                    SHA512

                                                    f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
                                                    Filesize

                                                    20KB

                                                    MD5

                                                    87e8230a9ca3f0c5ccfa56f70276e2f2

                                                    SHA1

                                                    eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                    SHA256

                                                    e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                    SHA512

                                                    37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    54557bae39261a2d2567d8b6c55db51f

                                                    SHA1

                                                    5cf7a4c9eab93ce7636e2e316f9039442d0ca05c

                                                    SHA256

                                                    226e99e1a6f9fccea4579a7e9cac04487e85d87152b1cd0c5f2d9552b27c5076

                                                    SHA512

                                                    d9261ac80f7137502da7f0ee65bdc3377af820186eef8a197fe1609325f4dc5ae892d8cfae3b98f43ad66a4b8f15129990c09e78afe2d5243a810e41a9bce07a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    be9c06768a192ac277230e9fc42a95de

                                                    SHA1

                                                    317dbd520ad0c07bd993b560a48e934a33ac0b5a

                                                    SHA256

                                                    95559b38e33118ef0932c82160054435bb0eb3388b90a524d60fe3bc601c32b7

                                                    SHA512

                                                    093be4943ed2bc42da1b0c95dfac870a67412835a269655af540bc55eaf27eb593c4251df5dceab6f3455eb34e2fde881d3a3191548ce659349cb5b72416a0da

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    144B

                                                    MD5

                                                    b236271971a998825201931dc36454f5

                                                    SHA1

                                                    ff7aee696b3c8ff2a7c0df970be3d1683010686f

                                                    SHA256

                                                    15fda8865608d558371d5bf412d09cd4669bfa74ff225a1629e6e5011d98ed0e

                                                    SHA512

                                                    feb7d483c642017d4075862d2c217a547a307cf76c3c28a87d7797253c876dc3ef566e0ea5c40abc8740b98027f2e9dc4063809268cab9a66e56fce96524bbe1

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    144B

                                                    MD5

                                                    7d8d2286f992eae4348d13a11a6dcd55

                                                    SHA1

                                                    0b40202c2f15eac05425bb861f142eb9a309c7f3

                                                    SHA256

                                                    d84e7849ffdba93efedf684a08e223f9e39f6ee0ba0e17ca7004d00bc3926857

                                                    SHA512

                                                    04eb9927cada36ad41029e72091752ea98df06ca3532baf5c04666d701c3f08e4e9c0ccdb66eb8cd3f4d558d200cb72208607c4a70660db439428795059b3198

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    01c764930985f20610fef9e61a457d2d

                                                    SHA1

                                                    f75ceafffb4c208273ccc3346029a201181b0cd4

                                                    SHA256

                                                    ad4374c90c2b8094e5df2045dbc234a0289b280c512e5e0e3607d91acd82cef8

                                                    SHA512

                                                    5f3d6a1219236c3d93e4a7aba28f5b2d31abcbd05fbefc4462bb492284bbddd46dac24cffa9874d3cdb083f995ab84b1a02c7ccad6329688dedc83fee795bb81

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    3KB

                                                    MD5

                                                    d881317d73a4062af72f1a37601ac242

                                                    SHA1

                                                    1097be8e831cf17937f7bc086b7c2d7724563319

                                                    SHA256

                                                    0c7ada59e459d1556cac6967db3593eae77919a2a0e3a278d7543726fb9b0922

                                                    SHA512

                                                    e77e1914808bd1328b4841ffe33043afb54a602a1c0611998991eba9b341b9d90248958307bdae98b614362ea6633c368ab1e183da55a3413273002a2a4155bf

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    282138f50bf46453e27590119c417c25

                                                    SHA1

                                                    c0ca4bafb10171bc1e85b3c0cd6ee24b418c0940

                                                    SHA256

                                                    9483fea76c542cadbe0bff30393e8a19bb247dc9a34f7b2588939b271d87304e

                                                    SHA512

                                                    886b2249db97b2ba0419ab6ef50eb17be70679410a15230a60e972291a1307748ff561f561ffb3cea81384a954276fb5ecfdd086c9cf9c35d62cc62985177ad6

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    8KB

                                                    MD5

                                                    d0c7fcdac79aaaad1cfb3a3e8457cb38

                                                    SHA1

                                                    141c4e15e401c1f598c574940818568772704345

                                                    SHA256

                                                    656530703e1c0f8999f4579e30479c44f3241e9c807a374d23bd0273b9ca76cc

                                                    SHA512

                                                    a9f79580cc3c295c62f2f3edbe10d56054ba6c5e10fbd95a55ed2c18b3f2a64005dbff1efa59ebe842ca33ba7a50fabfb2c47361529cfc3f46cfb01faebc1905

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    9717e1a815f93a83acd559db2294bddc

                                                    SHA1

                                                    012819f01f787da6119ae0829be6ae67119a7c7e

                                                    SHA256

                                                    021206ea0492d0585ac778f2babe9d71391112cff1a2453d4df2401e8e753b74

                                                    SHA512

                                                    5a977e52c0daaf850f81642ab7222d63f57cb803061a258135569f325b0e28ca8dca7a290a64c8fa3242b70370cbdc21fd6c5aade585bbf731edd528e72c2f87

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    d1b5326d0b52c41ea17f3d20a1d98a6c

                                                    SHA1

                                                    a0bc5b7155c1c39bdb8edeb92a6477415d69e3ec

                                                    SHA256

                                                    51bb0241fa8d6f3d5572933e2b922087d1bde00eb9381758be97148aac41c41a

                                                    SHA512

                                                    df995b899d46e34c746254bbe575a3bb5524efab7407822a1abf2e35ff3e10a58b30b5e2c873a408ebb65547f6e91ff47a82cfe29fe2e03c77553386f3508594

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    d1a58bf013f706696ea51f1a65a1abad

                                                    SHA1

                                                    356de3754461fa0b4de26dc6ad9f75dd124f1e8d

                                                    SHA256

                                                    44acc3ffc6b8429892696393192e4a3140022e37e839bbb09999755d72769f2b

                                                    SHA512

                                                    73c66885ab8afb092f37951913997fc4903a6ff1ca6a6d4c4741eeb9479f874003194080d9c4a7e58067032d572546985201b15eafbfb4f23f5296028dd7bca2

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                    Filesize

                                                    72B

                                                    MD5

                                                    35ed857a8c6e1ce05eae98e37663c0d8

                                                    SHA1

                                                    71b0f8998444bae172df810f373601f393b144dd

                                                    SHA256

                                                    203fb11452e8efffe738bca3d39545c5e31dc128c50643865f8d2c11269a525c

                                                    SHA512

                                                    3b2f5436650737f65bc2fe15a6aed0b7a2696214b72a0d05ad64c23eedb4449b7e44f3b389669d04738b2b45dbb92632c3126b8954b1dea7310a6dc1d150a809

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f509.TMP
                                                    Filesize

                                                    48B

                                                    MD5

                                                    27507c6915e2e0704252fd3a6010fbb2

                                                    SHA1

                                                    383adc76620ca339ef14432ec874b2c5d931ec0b

                                                    SHA256

                                                    d979b2934f09633ad551dfab53ef07ae7151971363b94ee589abf0b036075862

                                                    SHA512

                                                    494b76adb116918f7ff1a7fdccad52cef75986cd67d6d89531c1cfa246e914aaa42a549ba618937f3ec37fd3b2926100008a800815aa868e3b0f9673cceaa3a7

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    c4b4faadbe65241c05267b8c0de18ee0

                                                    SHA1

                                                    8f761979c9df59ddf7fe7352c7ea74e63f14e71e

                                                    SHA256

                                                    74d2ffcfe424e45d7d54893e9e2e5d0b497b12c0d8ca0a1f8004712dca8bf19f

                                                    SHA512

                                                    b2bee3c81d9add4f03f87e4bc17360cbb9c9d97f4f404669688d67155ec717a97a3720e183ef3506f6ab40d8273d3a2269102276c9c71e73164644d00be16be2

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c58d.TMP
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    bd4beec57a2b4f4ec0dae5ca8c330ab5

                                                    SHA1

                                                    ec29eea0df8b94108d161706c0cc747ec8b59fce

                                                    SHA256

                                                    087f8e262ab7c8c39d131f7f364e83d975a845c7fe9d7420817113361feabdaf

                                                    SHA512

                                                    1ed659dede5b8e8a8d65fcf0c8d75736fb4eec4f20af47ab6d9700f27b79fb586e6559049d12fd6d35fe2d5f2a17e15a1c685225d06c0b079b54fa3c4a79eac8

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    6752a1d65b201c13b62ea44016eb221f

                                                    SHA1

                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                    SHA256

                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                    SHA512

                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    11fe927dea05d870edce685d644468a8

                                                    SHA1

                                                    a4fab0c42babbb5a9ac73122133424ac99d9f627

                                                    SHA256

                                                    2acc6462b315808655da4a6bbdb8dde5d3d86937423d5168866aefa0253d4c60

                                                    SHA512

                                                    0128ce95e4bc50af41c8e518d21bbfd0f241c7301502b51bfcd3333c4281966631d46ede98df9bb31dc6a7a297c0e402625097596dcf66ce1afe1db1586b2355

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    11KB

                                                    MD5

                                                    947105176108162e57ceb25b18811b58

                                                    SHA1

                                                    64d2223a2eb0fa6c261aef20daf9b42b659fdb8e

                                                    SHA256

                                                    2c3818c1714e7c2f6d0a66c348036e7dabff36dd6e5830976411d4e9da60fb9e

                                                    SHA512

                                                    35e803ddc7aeee51804b02b25b12bcb7ae3a8b07896e95c98a83137fc0a9c06a8e3119be61280f45c72779398b2dfe9538adb401a34dac4c29b55681caf32d53

                                                    Download Submit

                                                  • memory/4032-505-0x0000000000400000-0x000000000045A000-memory.dmp

                                                    Filesize

                                                    360KB

                                                    Download

                                                  • memory/4032-506-0x0000000000400000-0x000000000045A000-memory.dmp

                                                    Filesize

                                                    360KB

                                                    Download

                                                  • memory/5020-493-0x00000000008E0000-0x000000000094A000-memory.dmp

                                                    Filesize

                                                    424KB

                                                    Download

                                                  • memory/5020-494-0x0000000005950000-0x0000000005EF4000-memory.dmp

                                                    Filesize

                                                    5.6MB

                                                    Download