hxxps://deludedgame[.]itch[.]io/deluded

Resubmissions

27/02/2024, 20:12

240227-yyvg5aae8v 8

Analysis

max time kernel
59s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://deludedgame.itch.io/deluded

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
1272	msedge.exe
1272	msedge.exe
1404	identity_helper.exe
1404	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 3304	1272	msedge.exe	89
PID 1272 wrote to memory of 3304	1272	msedge.exe	89
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 4112	1272	msedge.exe	90
PID 1272 wrote to memory of 228	1272	msedge.exe	91
PID 1272 wrote to memory of 228	1272	msedge.exe	91
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92
PID 1272 wrote to memory of 116	1272	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://deludedgame.itch.io/deluded
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6bf646f8,0x7ffc6bf64708,0x7ffc6bf64718
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:4528
- C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe
  "C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe"
  2⤵
  PID:2116
- C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe
  "C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe"
  2⤵
  PID:1456
- C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe
  "C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe"
  2⤵
  PID:4916
- C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe
  "C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe"
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4593594143088939128,14739804524492704955,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4472

C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe
"C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe"
1⤵
PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
b93e1a10c5dcd3f3c071394a2ee23be7

SHA1
21ccafc0f8e7b1fcc9490714dbdbce9a858000dc

SHA256
7a7d2570f641b32923abe965440eac1bf9342e2c900a7b1f2e2ed6e95235d9eb

SHA512
bf44118b17fc55f13157127fff7e03c588064be5b700e91b271b504d499e08f499eba8c33df51513301213fff07e477fcdf686d47b1049c7b58be52270a0769d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
15a0c5f62e522250c0a963ef43ae05cd

SHA1
de02766c081cd2b21ef48715584bac615587c276

SHA256
5a55401bc65d510877e683540204c516e7586fe2fa11f4837066e3ae133c257e

SHA512
7f30fdc2a68cf4b0881abceab283708a36a499ccf7cbde93dcd2d1b1f2855a8a6e88cfec0c78dcf3f4a8371817a8e3b7d2f3892636bba827a8f4f7b58a76869e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bf28a0a5c3ae753748f0e2f8acf61557

SHA1
3b1510281cbe6aabf6dafa4cbdfa02d9ce493812

SHA256
f3167408b8f7215d3af6c17dc23e092b3f7fb120e40f8a856a2becd99f99c15f

SHA512
f9088e1b854384fc2c9d2ba22d9eab525985b0278bd29326a60a7780a6f625e6a318b8b3a75c4b5e686fe0d21d53671a29f74f40662721f6163e448ee87688d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e38499931ce3f4ee8ae3536894bfd71c

SHA1
25e0b3fe631fd78347a06ce2633051bae8bc7c94

SHA256
5e718074250e9ad9dd090838d3b3f1c25b6d6e690a6cff13a433c5593c3cfe5a

SHA512
0f53e4bd85f5d9744e0bc91c3fe3d8a508aac29ecb6babc83913affab37085380f211ed5ecfac2e6571ba0246f35d699cb0a58e474b92cf5ec97aa440b7aa5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a5b3868fbdb41f1d88234a17eb9b3691

SHA1
3e776da17fcae62b7f2d63ccd76f4cfbdd39e2f1

SHA256
123649b49a452ba9f63729d20b331d5fc8f71637ca736fa6db2249e45d2beed7

SHA512
c2445d50c1d976630f44c8e1c19862ca47dd5a6a5267fffdb6d88a5702f9cfb8db7ffce8c50b25365f53baa614f5d36514edc18f0adb555d86d8be2609f50324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc4317a49925ebff16f60795daeb731a

SHA1
ddbcfb5cecedda10c364a10bdb94046eca769823

SHA256
2ca11b2a961f966551120ae993a2a8ef962750deb29d777549061a678c329683

SHA512
93dc5038c5eb23aae495f00045ffff2effc0a3c829a47555a9af4180dbdce3eb9fa64cee298147853838dccfe805dcb6103107d1d15566bff467a44424e45259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da52e1f7984f53c5507c93585fcd7140

SHA1
f399ffc82bce44a8dba2471ccd2d43363c520872

SHA256
7bc7088afa576ce5475bee22630b83a0a503354e5d0dad8bacf31fa05dd49a62

SHA512
335dabbf9686df4b6016da721439d46c1b26edf15e8b9bd865e9a5e0706bc78d8b225d02e6692cc30f052fc84345330da2031885323ad261a08634144d7e6e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e6f0132aab77b25f1fff2018e6bb0305

SHA1
f59a96c76af7e36167dc4e9c89398d87619abb6a

SHA256
048b6a82e5f9fe12671ce5bab0000b1bbc58d9de754fbbb5ced70fc1f2ae8369

SHA512
3dc5cdd6702b31dd06968419afeb2939bc457c51238aa35d0c4c4960411f804316402b3337c85fd13619e44330c40c6e30eb141bce80b428bf3765596ff4654d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp1CC6.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp1CC6.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp1CC6.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp1CC6.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe

Filesize
256KB

MD5
0e91bfb9ae817faa92a6d4f848d6b1c9

SHA1
e0c4c23a0a9ab858266e285d8c7cde692a56550b

SHA256
d73460ff6f24d59185905e75d00141a7c047d1089f5d182c8e846d9d3e0c0d01

SHA512
b8296c3c13ab9038c4ae48f2acaef41b116c4c21a975c2ba73e28a3a6abbe2053ab59774b095df530db244ab592f1711abaeaff20c9e3355162a16be2a189f1f

Download Submit
C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe

Filesize
37KB

MD5
c6069657008dbd91f758e243b48323c6

SHA1
6028b2058fca362eefd56947682de18b13b16bd4

SHA256
8f363603f6bde63fb83579feabc1cff13ad9a08a2c6077af36d906b4693b3abe

SHA512
958f34e92857b01e068b73c1824a1777f3260add4bab1e611ec4a0a3aa202564b7c015bee0c6ce3a5117714eca40ecc6eda4710f0382afdfc5e80f43cb977d58

Download Submit
C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe

Filesize
320KB

MD5
2172bb3c0bf417e809bb768b20b841cd

SHA1
f7de11a1c667b33bf04a626c2f8918323fd95f50

SHA256
ff1ccb72b196334748027080de8e6412074cc056ba8fc7d1d83283d09ba0e48d

SHA512
1a7172cc8aea0d324be653726ecb8033c4e576ef02b9f697643f5a3dc0a05f110901ec8293b2d85fb36e1f27ccd4ffe4e17516484a9340dc5239f0fbad98d590

Download Submit
C:\Users\Admin\Downloads\Lust Launcher Setup 1.3.8.exe

Filesize
128KB

MD5
43066621a35d53d09925670d7a6a2e81

SHA1
fe9a17bd0c185915b67c73d1b3ad7fefb33bb5ee

SHA256
9027aa4fc43fce27e75b15d623a5c9fc31a3317e211bb312ae2bda0a016dba62

SHA512
c8d46fc5c8deba5883bd50471530c1381d1726967153c99908cc2998b12a7c5f3a6a9a47ddd42fc78fd5d1592aa621b2334337e73de6839df939ce3c61f52721

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 788752.crdownload

Filesize
1.6MB

MD5
800719f4ab819793893811f6a098d947

SHA1
e3662ebe00d775edbfb19c955b5e7f40b3dc832e

SHA256
a606336cb1847fc0ab341b22e092e8824c85d4e8ecc0d9259aa71284d1a1daec

SHA512
f052f19c3118bf19bcf5b713b894aec5fe0cf582fef7849e1081ef952b0cf0e3ac411f41559efea1d7b5a103e49a4e31f545df0efc52888c33710907dc62479a

Download Submit