Overview

overview

10

Static

static

1

Lavalink (2).jar

windows10-2004-x64

10

Analysis

  • max time kernel
    158s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    08-12-2023 21:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lavalink (2).jar

  • Size

    64.0MB

  • MD5

    f141ae90086969958a7ee8fa3b11db33

  • SHA1

    d184f9b6543d6d275edd321c9c65cc11419d6139

  • SHA256

    8cec95cadb52efaf46fbd4342a8dba4b3dc6e99d12ed72898071fc2482419520

  • SHA512

    1c8205ed17972cbd7dc440c86bf39ac8fc7e16b6f701a736f0f02ff995b40b69d1eef0ae608192e8363ae5ed3e44b3b01d1db2b6b421400482bcff182e60cdb0

  • SSDEEP

    1572864:d2itUw+2zdMDnqHP0CKHBYMlXEX4/4gRtQB4:vtUw+2R38CKHBYgo4/a4

Score
10/10
umbralxwormdiscoveryratstealertrojan

Malware Config

Extracted

Family

xworm

C2

owner-cc.gl.at.ply.gg:32281

Attributes
  • Install_directory

    %AppData%

  • install_file

    WindowsSoundSystem.exe

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1182794899272249374/0RAK-d1IIp_G9JphscLf5z-kuIMWAVGEU8Wy78vDGicqvlTsUJ6RjUqg5bgReS8M_pDx

Signatures

  • Detect Umbral payload 4 IoCs
  • Detect Xworm Payload 5 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 49 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\Lavalink (2).jar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4440
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a1ad46f8,0x7ff8a1ad4708,0x7ff8a1ad4718
      2⤵
        PID:4276
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3628
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
        2⤵
          PID:728
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
          2⤵
            PID:4364
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
            2⤵
              PID:384
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
              2⤵
                PID:4792
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
                2⤵
                  PID:5136
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                  2⤵
                    PID:5144
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=3976 /prefetch:8
                    2⤵
                      PID:5600
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=3976 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5616
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
                      2⤵
                        PID:5836
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
                        2⤵
                          PID:4380
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=4904 /prefetch:8
                          2⤵
                            PID:4960
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
                            2⤵
                              PID:392
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5544
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
                              2⤵
                                PID:5188
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
                                2⤵
                                  PID:5180
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
                                  2⤵
                                    PID:5908
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6642332541984446793,663587632047109767,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
                                    2⤵
                                      PID:5896
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3060
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:1572
                                      • C:\Windows\System32\rundll32.exe
                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                        1⤵
                                          PID:5276
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Neuer Ordner\start (Run This to start the executor).bat" "
                                          1⤵
                                            PID:5800
                                            • C:\Users\Admin\Downloads\Neuer Ordner\RC7_UI.exe
                                              RC7_UI.exe
                                              2⤵
                                                PID:1376
                                              • C:\Users\Admin\Downloads\Neuer Ordner\HWID.exe
                                                HWID.exe
                                                2⤵
                                                  PID:5284
                                                  • C:\Users\Admin\AppData\Local\Temp\SoundManager.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\SoundManager.exe"
                                                    3⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:4324
                                                    • C:\Windows\System32\Wbem\wmic.exe
                                                      "wmic.exe" csproduct get uuid
                                                      4⤵
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:1568
                                                  • C:\Users\Admin\AppData\Local\Temp\SoundControl.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\SoundControl.exe"
                                                    3⤵
                                                    • Drops startup file
                                                    • Executes dropped EXE
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:4332
                                              • C:\Windows\system32\rundll32.exe
                                                "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
                                                1⤵
                                                  PID:4668
                                                • C:\Windows\System32\svchost.exe
                                                  C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                                                  1⤵
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:1812
                                                • C:\Windows\system32\taskmgr.exe
                                                  "C:\Windows\system32\taskmgr.exe" /4
                                                  1⤵
                                                  • Checks SCSI registry key(s)
                                                  • Modifies registry class
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SendNotifyMessage
                                                  PID:4776

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
                                                  Filesize

                                                  46B

                                                  MD5

                                                  8f1484a0f2a743448bbc3a40cc09138e

                                                  SHA1

                                                  d222be3a184239e9e5eb3765d2bfa93485ee7f9c

                                                  SHA256

                                                  ea523026edf0d427ffc30356b5270291bc87aa84f2961edb4c7f81b92b25a5b0

                                                  SHA512

                                                  d34b93aa0c6a4eaf96129d40287d3c496b7bc9648683c3d53d7b99b212a842b74d292a2252fbfe6b415d8cabf147ed7b667b777a9b357dde5a568c1d5d0a88ce

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  8f0cdba3e639a70bf26cf85d538ce1a8

                                                  SHA1

                                                  b457faa0d6c55d56d61167674f734f54c978639b

                                                  SHA256

                                                  c1e48c2dfaeb607efc713e1b5c01d1ee8a9491d8f3a2a5f4f3887e6c1f8c2f63

                                                  SHA512

                                                  3c270fc58170c37f51427aac2d3092ddbbc17832556718612cebb0c32c04e7e3b7e157969d458a4b9c3e8bf781c23489319338960cefb5cf530673f2b8f81609

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  111B

                                                  MD5

                                                  285252a2f6327d41eab203dc2f402c67

                                                  SHA1

                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                  SHA256

                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                  SHA512

                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  699B

                                                  MD5

                                                  b0ec8db8a9eae80753515a48098e39d8

                                                  SHA1

                                                  1ffaf45f8f8e22e29cfb3a813abba698337f7f05

                                                  SHA256

                                                  39779bb8818f8f899fe8232787655a913d0d8923a11b4b779156a2c3cff0b6c1

                                                  SHA512

                                                  135fb24e9d674b29b902955ebdc96b803dac539880116edb2d5da11133f14777c60da219f8fde331aa0a9ac130a4edc89a4caf7cd7d8b3e1f2f44911e2643fb9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  25d5490a0f62f99df8536b21440a44fa

                                                  SHA1

                                                  fcb0afde596adc6cf04223ca87bcd5c9466e53ef

                                                  SHA256

                                                  f447c636968c3624229ddc40b8f5748cb0472e96947b6ad5bbfd6301c43ea874

                                                  SHA512

                                                  2f65e97b4506c59b157f3e7f48a35c4c437a6f9f687fd59eb669404acd07c51207daddcea59d9fd023579e2e01baa3496fc39df1c9f75e482f7b742788aabee3

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  d51803540316c2323b1b2eb2e204b8dc

                                                  SHA1

                                                  8487f33521a3adb26ab1ab048db52fba3d32bf21

                                                  SHA256

                                                  422bf7ecbb627a191f508cc8fbb0913e2cd1eaf251ed1ee8c3395dfbecb964c9

                                                  SHA512

                                                  cac3f4c9543f01f8300b1c5f3976a49b04ad401ef5d615e0f3817ecf35c1fa1404a95cb83a817385d4443fcb9e402a771f628dfd88a03f23561e7127e3b5d8e6

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  3b5efe722d7749e37eb60ad32124a43d

                                                  SHA1

                                                  6cdc960010def35d0e89db7976560e558647aa72

                                                  SHA256

                                                  0d641e7d98a7bb56d99a0321987b45a60db86e06d0c1e658244e66171543afca

                                                  SHA512

                                                  4420cd5e9839120016b5b012840fe12d6a8a624a077848a8390758658f822fa38b73c0cc447fa22cde388556f5c11244742d36d815eacd8873a51f82f15b9b3c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  7KB

                                                  MD5

                                                  a5ff6a0026a84fbdc68006ea1bdcb32f

                                                  SHA1

                                                  aa631f464a862c97e21d5ef7de36e3a03494e0fa

                                                  SHA256

                                                  36bc74c35905d8a71cddccad5b72ba841ea343aea3b7575b310a86a83752b95d

                                                  SHA512

                                                  2bc446d47a09f96627528800e2c21e72e203ddc2738ec9e89371e0dae60f9bf1c0505a24771486e8acfdaeecdf5d61a535ffe6d0961b4f8eb4371ec2b51e814d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                  Filesize

                                                  24KB

                                                  MD5

                                                  8f472f5706f7f7e9508673402592ad03

                                                  SHA1

                                                  18e3a5699bbba3203e3876d0d28c560a5e6a9c03

                                                  SHA256

                                                  a98515127ff6537a7c2249265c6f4385320472a03127dc3d47c0d19eb2510d09

                                                  SHA512

                                                  7f1cfd39e3e078b180c6636822265565d07ee13929043095db13cfbadfcda476893244184aae3b204eee4f46a481e317455a8a96301982faac30ae3a82898234

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  6752a1d65b201c13b62ea44016eb221f

                                                  SHA1

                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                  SHA256

                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                  SHA512

                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  10KB

                                                  MD5

                                                  bdcb0435eb73d7d3e95105fdeebe8214

                                                  SHA1

                                                  cd0da486c84ce856c28cc971d5a0aafb64ca8e52

                                                  SHA256

                                                  d6a22aadc96645cfe4c28a65cadf3087421bfd7474daf1beb2ad705a73ca0f1f

                                                  SHA512

                                                  ee793109dcf8a51bcaa922b640bd8e2bf180594182ccc9c54000c3c0c10424938eb5e6bc00a171282c7bc786e34cfcc9783bbc99f8db56fb9625a6251e957913

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  12KB

                                                  MD5

                                                  6356218c43e422ba881a60bf32f2466e

                                                  SHA1

                                                  c12d2075c4d6d0b9a649a26b83746fb61d494ccd

                                                  SHA256

                                                  17fbc2ec1dc5bca67e3e91fb333c00273c57e0351ddd03b7b8d4970e827af838

                                                  SHA512

                                                  c8bec957740bd772d78ca7b55bb8753744f20011ae489d92feef6aef787ff32fedc53ecf776a0f067c60e010d18716790596797a027fcdea7ce351e38ef2cebb

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  2e5aaf3c4e58620b2e51e43b827329cd

                                                  SHA1

                                                  a33871aa04d19ab24fc755932301bd33a8fe6ff6

                                                  SHA256

                                                  c3a2497240bd5aa0d6104d6b835fe9a2975fb47a1a92c702d0e7e1c4ec0fa070

                                                  SHA512

                                                  fbb99a4fc15cc6099b882e1051136d6f90c25057901e2f57d77c4bcc460d2d1481fbf93d2c0a3643ab68129345ac2fa4afb656489919bc39756c976a0387fe18

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\SoundControl.exe
                                                  Filesize

                                                  73KB

                                                  MD5

                                                  196e8f728727c083ae7d02ac36e35b84

                                                  SHA1

                                                  eceebb440a5d3297dc34e9e60d6ec111bbe34f26

                                                  SHA256

                                                  e5b9856bc9b58a61fecd9043509e9599d4ccda419303ed503685448f82d8bf3c

                                                  SHA512

                                                  ed66b4fb2606cbbca229aadb1b112f13ccf59be14e9e5812d351fd6980f26352ee264805fc6fcdf1bbde38c0c1165d3d045022b8337db009aff119636a6e3a42

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\SoundControl.exe
                                                  Filesize

                                                  73KB

                                                  MD5

                                                  196e8f728727c083ae7d02ac36e35b84

                                                  SHA1

                                                  eceebb440a5d3297dc34e9e60d6ec111bbe34f26

                                                  SHA256

                                                  e5b9856bc9b58a61fecd9043509e9599d4ccda419303ed503685448f82d8bf3c

                                                  SHA512

                                                  ed66b4fb2606cbbca229aadb1b112f13ccf59be14e9e5812d351fd6980f26352ee264805fc6fcdf1bbde38c0c1165d3d045022b8337db009aff119636a6e3a42

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\SoundControl.exe
                                                  Filesize

                                                  73KB

                                                  MD5

                                                  196e8f728727c083ae7d02ac36e35b84

                                                  SHA1

                                                  eceebb440a5d3297dc34e9e60d6ec111bbe34f26

                                                  SHA256

                                                  e5b9856bc9b58a61fecd9043509e9599d4ccda419303ed503685448f82d8bf3c

                                                  SHA512

                                                  ed66b4fb2606cbbca229aadb1b112f13ccf59be14e9e5812d351fd6980f26352ee264805fc6fcdf1bbde38c0c1165d3d045022b8337db009aff119636a6e3a42

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\SoundManager.exe
                                                  Filesize

                                                  229KB

                                                  MD5

                                                  37e663221082f1458ede667d8dc588c5

                                                  SHA1

                                                  6f6de1b642fd5c056917775b2a59e2670f0639f9

                                                  SHA256

                                                  1b5487ede505a09bfc524c7dcfc37a3d5b265f4ff5fd464da42d9a1c501b964f

                                                  SHA512

                                                  033e97948202de0bdf8896707765110ad89abd71acd5db8a8bc95dfcd5b7ac00253232fae6980b92f406be245df2224cdfadef8aed1094702337acd88c980cc7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\SoundManager.exe
                                                  Filesize

                                                  229KB

                                                  MD5

                                                  37e663221082f1458ede667d8dc588c5

                                                  SHA1

                                                  6f6de1b642fd5c056917775b2a59e2670f0639f9

                                                  SHA256

                                                  1b5487ede505a09bfc524c7dcfc37a3d5b265f4ff5fd464da42d9a1c501b964f

                                                  SHA512

                                                  033e97948202de0bdf8896707765110ad89abd71acd5db8a8bc95dfcd5b7ac00253232fae6980b92f406be245df2224cdfadef8aed1094702337acd88c980cc7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\SoundManager.exe
                                                  Filesize

                                                  229KB

                                                  MD5

                                                  37e663221082f1458ede667d8dc588c5

                                                  SHA1

                                                  6f6de1b642fd5c056917775b2a59e2670f0639f9

                                                  SHA256

                                                  1b5487ede505a09bfc524c7dcfc37a3d5b265f4ff5fd464da42d9a1c501b964f

                                                  SHA512

                                                  033e97948202de0bdf8896707765110ad89abd71acd5db8a8bc95dfcd5b7ac00253232fae6980b92f406be245df2224cdfadef8aed1094702337acd88c980cc7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsSoundSystem.lnk
                                                  Filesize

                                                  828B

                                                  MD5

                                                  56f5daa57d423247a57ee7ccb54f8365

                                                  SHA1

                                                  361d46c1dae2a4adf0d2e8c1ebeb212904bd9215

                                                  SHA256

                                                  89789b4b2c653584ba7b0ac19e0e2d162289f1c99fcfc0e5715aa67237df329a

                                                  SHA512

                                                  4d7b67df8f3f6ed2d58c7c06854a11854e6af6af1b0e989b9c346231bcb910c327978750a7eb1a13fd88433c5e304a8544e5049330c430ce03ce75bd6b642bbb

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Roaming\WindowsSoundSystem.exe
                                                  Filesize

                                                  73KB

                                                  MD5

                                                  196e8f728727c083ae7d02ac36e35b84

                                                  SHA1

                                                  eceebb440a5d3297dc34e9e60d6ec111bbe34f26

                                                  SHA256

                                                  e5b9856bc9b58a61fecd9043509e9599d4ccda419303ed503685448f82d8bf3c

                                                  SHA512

                                                  ed66b4fb2606cbbca229aadb1b112f13ccf59be14e9e5812d351fd6980f26352ee264805fc6fcdf1bbde38c0c1165d3d045022b8337db009aff119636a6e3a42

                                                  Download Submit

                                                • C:\Users\Admin\Downloads\Nicht bestätigt 227143.crdownload
                                                  Filesize

                                                  10.1MB

                                                  MD5

                                                  255e00ba85c66b741c5d5ff1609f7913

                                                  SHA1

                                                  b94b9e1bc198403231579345599c999b036fe203

                                                  SHA256

                                                  f5a417eb3ca99441048c9fd1db57bf325eb65e7297974b8c49a30f53e21f8a4d

                                                  SHA512

                                                  709350465957f608318113d16c14d8c4bf31073af3e24b14aa36740760c18ab454bc7ce5a3794b856ca8c6a6075f74a9fc9f09f4ed76a3ce2c8150f2347a1359

                                                  Download Submit

                                                • memory/1376-285-0x0000000000440000-0x0000000000514000-memory.dmp

                                                  Filesize

                                                  848KB

                                                  Download

                                                • memory/1376-291-0x0000000004DD0000-0x0000000004DDA000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/1376-290-0x0000000004DC0000-0x0000000004DCA000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/1376-292-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/1376-289-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/1376-288-0x0000000004E30000-0x0000000004EC2000-memory.dmp

                                                  Filesize

                                                  584KB

                                                  Download

                                                • memory/1376-331-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/1376-330-0x0000000074480000-0x0000000074C30000-memory.dmp

                                                  Filesize

                                                  7.7MB

                                                  Download

                                                • memory/1376-287-0x00000000053E0000-0x0000000005984000-memory.dmp

                                                  Filesize

                                                  5.6MB

                                                  Download

                                                • memory/1376-286-0x0000000074480000-0x0000000074C30000-memory.dmp

                                                  Filesize

                                                  7.7MB

                                                  Download

                                                • memory/1376-332-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/1812-379-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-387-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-397-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-396-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-395-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-394-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-393-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-392-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-391-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-390-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-389-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-388-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-386-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-335-0x000002290EF90000-0x000002290EFA0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/1812-351-0x000002290F090000-0x000002290F0A0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/1812-367-0x0000022917400000-0x0000022917401000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-369-0x0000022917430000-0x0000022917431000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-370-0x0000022917430000-0x0000022917431000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-371-0x0000022917540000-0x0000022917541000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-372-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-373-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-374-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-375-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-376-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-377-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-378-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-385-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-380-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-381-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-382-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-383-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/1812-384-0x0000022917440000-0x0000022917441000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/4324-324-0x00007FF8A0ED0000-0x00007FF8A1991000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                  Download

                                                • memory/4324-317-0x000001B040B50000-0x000001B040B90000-memory.dmp

                                                  Filesize

                                                  256KB

                                                  Download

                                                • memory/4324-320-0x00007FF8A0ED0000-0x00007FF8A1991000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                  Download

                                                • memory/4324-322-0x000001B05B410000-0x000001B05B514000-memory.dmp

                                                  Filesize

                                                  1.0MB

                                                  Download

                                                • memory/4324-321-0x000001B05B2B0000-0x000001B05B2F2000-memory.dmp

                                                  Filesize

                                                  264KB

                                                  Download

                                                • memory/4332-333-0x00007FF8A0ED0000-0x00007FF8A1991000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                  Download

                                                • memory/4332-319-0x00007FF8A0ED0000-0x00007FF8A1991000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                  Download

                                                • memory/4332-325-0x000000001B9E0000-0x000000001B9F0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/4332-316-0x0000000000D40000-0x0000000000D58000-memory.dmp

                                                  Filesize

                                                  96KB

                                                  Download

                                                • memory/4332-334-0x000000001B9E0000-0x000000001B9F0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/4504-4-0x0000017949800000-0x000001794A800000-memory.dmp

                                                  Filesize

                                                  16.0MB

                                                  Download

                                                • memory/4504-12-0x00000179497E0000-0x00000179497E1000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/5284-284-0x00007FF8A0ED0000-0x00007FF8A1991000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                  Download

                                                • memory/5284-318-0x00007FF8A0ED0000-0x00007FF8A1991000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                  Download

                                                • memory/5284-283-0x0000000000D30000-0x0000000000D5A000-memory.dmp

                                                  Filesize

                                                  168KB

                                                  Download