lumma | c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2025, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe
Size

14.4MB
MD5

191294c00be02e5bf0807dc1cf52c53a
SHA1

5dbfe490dcc65b2107f9bc0461c9e6767463795a
SHA256

c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1
SHA512

7bbefd4dc19290e454e3f4b08eb5f7faf904639a441d96f74c3973db0302a240192e31cf55c3939c7a70e024199754f084eb68a2ecccc0aea803da6a46025bdc
SSDEEP

393216:8ZnXkkkXBPkVr/zc5Vk1LJG9+ydIaxbDdVUD5:8ZXJqkVr/zc521LJG9+ydIIbhGD5

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://p3ar11fter.sbs/api

https://3xp3cts1aim.sbs/api

https://owner-vacat10n.sbs/api

https://peepburry828.sbs/api

https://p10tgrace.sbs/api

https://befall-sm0ker.sbs/api

https://librari-night.sbs/api

https://processhol.sbs/api

https://cashju1cyh0.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe

Executes dropped EXE 1 IoCs

pid	Process
4456	333.exe

Blocklisted process makes network request 2 IoCs

flow	pid	Process
53	1592	msiexec.exe
55	1592	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
18	iplogger.com
21	iplogger.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4456 set thread context of 3456	4456	333.exe	85

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4456	333.exe
4456	333.exe
2636	msedge.exe
2636	msedge.exe
2576	msedge.exe
2576	msedge.exe
3712	identity_helper.exe
3712	identity_helper.exe
3456	more.com
3456	more.com
3456	more.com
3456	more.com
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
4456	333.exe
3456	more.com

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 4456	4856	c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe	83
PID 4856 wrote to memory of 4456	4856	c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe	83
PID 4856 wrote to memory of 4456	4856	c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe	83
PID 4456 wrote to memory of 3456	4456	333.exe	85
PID 4456 wrote to memory of 3456	4456	333.exe	85
PID 4456 wrote to memory of 3456	4456	333.exe	85
PID 4456 wrote to memory of 3456	4456	333.exe	85
PID 4856 wrote to memory of 2576	4856	c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe	93
PID 4856 wrote to memory of 2576	4856	c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe	93
PID 2576 wrote to memory of 1064	2576	msedge.exe	94
PID 2576 wrote to memory of 1064	2576	msedge.exe	94
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 632	2576	msedge.exe	95
PID 2576 wrote to memory of 2636	2576	msedge.exe	96
PID 2576 wrote to memory of 2636	2576	msedge.exe	96
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97
PID 2576 wrote to memory of 2308	2576	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe
"C:\Users\Admin\AppData\Local\Temp\c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\333.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\333.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:4456
- - C:\Windows\SysWOW64\more.com
    C:\Windows\SysWOW64\more.com
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:3456
  - - C:\Windows\SysWOW64\msiexec.exe
      C:\Windows\SysWOW64\msiexec.exe
      4⤵
      Blocklisted process makes network request
      System Location Discovery: System Language Discovery
      PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.com/15PRC4
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa67e46f8,0x7fffa67e4708,0x7fffa67e4718
    3⤵
    PID:1064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    3⤵
    PID:2308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:2696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:1220
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    3⤵
    PID:3580
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    3⤵
    PID:3544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
    3⤵
    PID:2604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:3920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,18371220359375017449,1681372508795875149,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
8f571752a0c4f3f6020966e96c85ef8b

SHA1
81fa9c853712e71e4b0a7da1f65a0979e90a1236

SHA256
d0b6f0f7769d5faf34595b539d766fe475ec0a2f7a14d2b8f874ea7edf71319d

SHA512
517efe07dc09ac97deca70371d45628e01758fdf5acb2809cab374e27bfc9b36caa9b5740b43f4d22fbee417f36156ee2034b02d3b823a51ca9a50b197fbfc26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
553c0733321d7fd0d9e676c4374fac3f

SHA1
d3390d9f9fc92167c289686f878a8f0ddc622d93

SHA256
a8a965ac4d16fc4c0b96de2590316d484cd2574984a42622ec588f7c2c6902ea

SHA512
1efe1e71bedf12cffce1509e45e45d44133e1199ee986e1be30e168a00b3ba12bbee4f723bd1faa13f0c163831d664e970f99ac9d1e39512177947492f0cedb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
635f71a4cd6ae509f568ad6cef35df2c

SHA1
39c5dfbc183882037bb7723250390bfabcce597b

SHA256
9ab5eb38254453cc39724a4a6b096f583d7052a6e7854356e48c8808c404b529

SHA512
0cc07561c68166166c688cf774e6807cf187fe273c08b121e8c28b020a4db0855ee3f515484333348333ca3c0cde2c205068d542876a4df9a20ce731e054a845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cd8abdc1289aeb3cf9ae12439a6c602f

SHA1
40fa55c5333c2aae8a7f379e44e0be8fab75dcac

SHA256
bf0d2bdaa5e1ba011e658f80cc24180f3048757817427f60564a18271e026c53

SHA512
71173e925e411cb174c3d423716898537ba0d7edc901b2e513fdc9573a08be9761ac7ec7042a92d50ba3c41013791ce763855cb7d6967ba147eaff4d1794bee2

Download Submit
C:\Users\Admin\AppData\Local\Temp\556c3791

Filesize
1.1MB

MD5
dc829df7baa6d6ea2d12618e862b737b

SHA1
022421ae7b594d542dc297c700cc5082f1f84eaf

SHA256
17ccc2bac73e1c26dd1da9a86cde352ac6f29a8d1a5c53cf1a57529212bb5d0c

SHA512
795ecf1b815548ef79e13ab6451e0a1606b6662feb7b47e84a7e1b5409f9bb29f04cb9d0e09f4260d0db91277e4857786f53f538e989808481027175bcdae627

Download Submit
C:\Users\Admin\AppData\Local\Temp\5b27b392

Filesize
1018KB

MD5
934d841fa722222c02d94d1d43bb11ac

SHA1
63e652f0bcaee7be5ebbc9657ecc9492b01a3a43

SHA256
624275d355d54223f02bb1be66fc893b91080fb16e9819ecc4a8ced521c10f95

SHA512
9072597e1b69f098918858e44805ed5a8e186c76ba6b1fe4091e6b3985cf4a93e701b0ff3a0667963c33064fae3fe1a0202501d727a786dd9de4a9f7556d946f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\333.exe

Filesize
18.4MB

MD5
cbd9ae608afda66ba0d1df907fea0eaa

SHA1
e23af3a3a89ffdb363e887b60ff9d45f316445ba

SHA256
fe26511a6af7fe9c7c5ffe586b6bd2ce84e21d84bfa04d371f8e2db929b520af

SHA512
b3639fbb4352fad47eb867ed6b1d508d6c23f7e3d8e88fcda42ffa4885a7e7fab8347924ec55db2f6456c1425cba37be2a2103cb54b30cb199822ec549ee4adc

Download Submit
memory/1592-90-0x00007FFFC3F70000-0x00007FFFC4165000-memory.dmp

Filesize
2.0MB

Download
memory/1592-92-0x0000000000C90000-0x0000000000CA2000-memory.dmp

Filesize
72KB

Download
memory/1592-91-0x00000000000A0000-0x00000000000FA000-memory.dmp

Filesize
360KB

Download
memory/3456-85-0x0000000075180000-0x00000000752FB000-memory.dmp

Filesize
1.5MB

Download
memory/3456-62-0x00007FFFC3F70000-0x00007FFFC4165000-memory.dmp

Filesize
2.0MB

Download
memory/3456-26-0x0000000075180000-0x00000000752FB000-memory.dmp

Filesize
1.5MB

Download
memory/3456-89-0x0000000075180000-0x00000000752FB000-memory.dmp

Filesize
1.5MB

Download
memory/4456-24-0x0000000075180000-0x00000000752FB000-memory.dmp

Filesize
1.5MB

Download
memory/4456-22-0x0000000075193000-0x0000000075195000-memory.dmp

Filesize
8KB

Download
memory/4456-23-0x0000000075180000-0x00000000752FB000-memory.dmp

Filesize
1.5MB

Download
memory/4456-21-0x00007FFFC3F70000-0x00007FFFC4165000-memory.dmp

Filesize
2.0MB

Download
memory/4456-20-0x0000000075180000-0x00000000752FB000-memory.dmp

Filesize
1.5MB

Download
memory/4456-14-0x0000000000400000-0x0000000000CB0000-memory.dmp

Filesize
8.7MB

Download