lumma | hxxps://link[.]storjshare[.]io/s/juyvwcout7cnsklzqw2cstsyq3jq/test/Lc2[.]exe?download=1

Analysis

max time kernel
35s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2025, 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://link.storjshare.io/s/juyvwcout7cnsklzqw2cstsyq3jq/test/Lc2.exe?download=1

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://accidenfaithyh.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Downloads MZ/PE file 1 IoCs

flow	pid	Process
7	2976	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
4868	Lc2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lc2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 196763.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2512	msedge.exe
2512	msedge.exe
952	identity_helper.exe
952	identity_helper.exe
3900	msedge.exe
3900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 3944	2512	msedge.exe	83
PID 2512 wrote to memory of 3944	2512	msedge.exe	83
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 1048	2512	msedge.exe	84
PID 2512 wrote to memory of 2976	2512	msedge.exe	85
PID 2512 wrote to memory of 2976	2512	msedge.exe	85
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86
PID 2512 wrote to memory of 1544	2512	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://link.storjshare.io/s/juyvwcout7cnsklzqw2cstsyq3jq/test/Lc2.exe?download=1
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe9e246f8,0x7fffe9e24708,0x7fffe9e24718
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,2838478108887519429,9043186301189918191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3692

C:\Users\Admin\Downloads\Lc2.exe
"C:\Users\Admin\Downloads\Lc2.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
9835bd75cc5ac7d1f5f370c9db3117f2

SHA1
d8bb21e30cc698d3ff481fd41abadd7dd3070ad1

SHA256
de7498442403044cf249351e9896fe94ad950d3c5a1316a15981caacfc87348a

SHA512
9b4d597c9f5ffba1478c8c711a7c5678a100db8949e3b4bc4776d840eb046462e508bfc3fef93e4e1df4587298f1323b38250c4c9ce137e6dee09224cb164998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
553b5892024c13382781693ba9c98c89

SHA1
1318bf55cbaa5e0a2db46b256ac55676188d1ec6

SHA256
cf5c52520d322ae093dd8e7e8f5e3eb1fe932ca59cbdd4947a396aa204f4fc89

SHA512
44a897865de45a840373def89511393ee164ce50e3642d216de1db92aeafbea046935c6bb9414721818b716f28df3b7b27aa70095c263a5dc173005b44bbc95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d91cd4c9983578471ffd694e2bfad4da

SHA1
63f9ff8a8ec92e5c36b1d11e23da8deba68b6ba8

SHA256
2b10ebcfa915926e036d8e36a2e0af8615d3243027a46448ae1f18716c983557

SHA512
156f729a81a1536742717511c3c9b170b48a3b5c906f9fa1b16703098adb0141bf244db451ce35961b62e5bca97df270858afe41180206907244b46d220ea18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e05cd979fae6af15f5457e31ba3e6c7f

SHA1
c2136e31d13b67b2e2dbfb0292c2354c5fb90241

SHA256
98429ba863cc18e7451f835a005159ecb375502d17a54fa021b547e0a39c06f0

SHA512
411a59ac23b70b9157f79038b1447d9d1599d15e7f44ad3b633679dfc66aba4625ac940cdbfe30c585199be9704c92b7b112222247e04f869a1c40374bd65d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
60171123cfe1c82f40769abb8fa9e372

SHA1
9a690e7f04fbb6e95f37b30f0f9cf28f64a14145

SHA256
46e95500990a8cb497499945641be047a08f9f9cdf467bdb1cdae799387f46a8

SHA512
e17469db0ed2541d95e991d42948c315b6897f054912a874ca4113ded7e092b4c78bbd1dfbab9b924a2772b0fb352899ff9ff920bbc8519c071c24c58cfeb3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
925a82a5f3bd303bc496dcea536bac33

SHA1
cf712bd80920cf6cf591f4ea4b4795f4b418a484

SHA256
cd4809fd68140cc14cebdd7be516d6cce65fe92820c5617cccd0798e5adb5281

SHA512
1bb7ac2a1c75420baac1a5a952f6bad56f7b1e79eaa65679d730423644dfc3aec5316abd66aa25702da00980cc1829d904568d0fbcd8d2766809d393c1cb4b66

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 196763.crdownload

Filesize
339KB

MD5
ef489c304a73db3c11e87d913e96f50d

SHA1
2ee51f41d88ba464990ce11b8054a732b083a819

SHA256
cff31b7d06a81f1ecb519cc221d0d843d653204c9009d70b6616e4c8b6819561

SHA512
d3ca4483aee8de28fa44a5054342bc1ae55345972d8ce0bcf2b9c9cce744dfb7ea2026984e1fec6a1984fe04ba8c4feb0a68dae85b7cb355170296bb22e5ab7d

Download Submit