lumma | hxxps://github[.]com/pootiegirmest90/pootiegirmest90/releases/download/lat/Git_softwares_v1_6_8[.]7z

Analysis

max time kernel
99s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pootiegirmest90/pootiegirmest90/releases/download/lat/Git_softwares_v1_6_8.7z

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://uncertaintyrestsju.shop/api

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 1 IoCs

Processes:

setup_v_1_6_8.exe

pid process

2424 setup_v_1_6_8.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

setup_v_1_6_8.exe

description pid process target process

PID 2424 set thread context of 6084 2424 setup_v_1_6_8.exe BitLockerToGo.exe

pid	process
2424	setup_v_1_6_8.exe

description	pid	process	target process
PID 2424 set thread context of 6084	2424	setup_v_1_6_8.exe	BitLockerToGo.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

1420 msedge.exe
1420 msedge.exe
5072 msedge.exe
5072 msedge.exe
3408 identity_helper.exe
3408 identity_helper.exe
3792 msedge.exe
3792 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	msedge.exe

pid	process
1420	msedge.exe
1420	msedge.exe
5072	msedge.exe
5072	msedge.exe
3408	identity_helper.exe
3408	identity_helper.exe
3792	msedge.exe
3792	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zG.exe

description	pid	process
Token: SeRestorePrivilege	3012	7zG.exe
Token: 35	3012	7zG.exe
Token: SeSecurityPrivilege	3012	7zG.exe
Token: SeSecurityPrivilege	3012	7zG.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exe7zG.exe

pid	process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
3012	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5072 wrote to memory of 1152	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 1152	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5224	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 1420	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 1420	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4968	5072	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pootiegirmest90/pootiegirmest90/releases/download/lat/Git_softwares_v1_6_8.7z
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff427246f8,0x7fff42724708,0x7fff42724718
2⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
2⤵
PID:5224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
2⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5524 /prefetch:8
2⤵
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
2⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
2⤵
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1500,12391623248827211623,13320524868275817598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4460

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Git_softwares_v1_6_8\" -spe -an -ai#7zMap6316:100:7zEvent799
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3012

C:\Users\Admin\Downloads\Git_softwares_v1_6_8\setup_v_1_6_8.exe
"C:\Users\Admin\Downloads\Git_softwares_v1_6_8\setup_v_1_6_8.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2424

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
2⤵
PID:6084

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
265B

MD5
ee77ee0ddce6df6a4cf39b6d19ea6b4c

SHA1
d5407a3c365266b7a794e647bc17ed9e06b4389f

SHA256
79a078c39145a1dc1c27c15f05bb7a39bdaf7aec14fd85a2dcfd36b95a3f5b36

SHA512
1841689b05aab9ba73ac48bb390c148e92d218b07da6b89bbec900bcb84055fe2080115545933d495f6e8f2506497af930fbab1c68cf65ff080f2d5a61b30eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
872eefc10ab8e0920b831e3d93400989

SHA1
d2e3f0b2c09e6ba0ceebd525e0e2d95d252e58f0

SHA256
84033a48a03e80a49b9f7997c1eb075d413073e400d4c9fd076b6647a9c342d6

SHA512
c1d69fb5e8c912587ce6ad92bead74af39d98b723860768594a4050927da19a02dae339f1c6312772c0984c7844c1cb3890678e955e209731b6d802e305f7ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b27f1f9058aa5a247cfde9da9e3a35f7

SHA1
765fa9e9e1ba2814e858ab59dcd01360e4a0a77f

SHA256
52d94d0a710cbb3563d907e3009bb028464564e934daa26319a974dec74db37c

SHA512
25813689ce39888224fad20dc32c80ac7532835ee75bab0aa2dbfbb3497303df9b41236a4a4dedca18c25bd6511d137cf22caac5471200feeefee6dfe7a9bbbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c1184a8b594b73d59eb674c294ffbf97

SHA1
80876be5625b86cffed7e8abb50e0ad4d0c974e8

SHA256
9117142e652e8924fa86eb6d6cbaee561ae85abe3ca7ccc8fce724b752412a35

SHA512
b4bfe59f99dd500204727224aca4d714955769688f20862f820aaaf4adc7e5a93f29582548262a5ac548594d74f710d265a0fc200f74aad35baa51a68d43848f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7a2fc7f4225eb6327d9a3ca6683bb730

SHA1
2b2e684e0ab6614cb25090191fc55ef2e046d0d0

SHA256
c64f4f746aa05d6b29abe413f34838e57a0d978a61e7f7707483f1c53e9e6c3d

SHA512
b1ee344d66ee35e5fa55a58c9d3b75c5aef16d15b7d09b7e2cbe9e9c97cd90176d34dd0c58b052dc0a0da3555aacb4f15758c332f227ce5b6f4f0e61a7bea025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f96d08f83b08d43a72fb58a7363bccab

SHA1
32ca6405a80a8f324191dc8e875d881d9afa68f6

SHA256
df89d539d0e43b0006ba64432eaf976da80bd76c1433a49b5ec2f789cfe561d6

SHA512
405bb01cda233fb7b83cb5768a810c99ca12424af94f3dbf9610622401c8f3bc45f3a164719a248156ce719e74d448455db7bd1003ba16c6789ac2ce11e0d8c4

Download Submit
C:\Users\Admin\Downloads\Git_softwares_v1_6_8.7z
Filesize
32.3MB

MD5
f38ea8e6f448a625a1730d87a8b02f6c

SHA1
05ca580fe9bfa2fe0e55d7b372e7422b13f37784

SHA256
10e0229c5f2d323c370da0a9f7d85ccdd69a4bcb8b83043860a389384dca39d3

SHA512
1ce906b4e4145b7b6ffeaa4163a29c6eb3b2076faa072fe28d52d48172e14f7a6d4f9ad426f8bd771d0013e7e20b1197bcb05cd1cbf2ad7cf802e21188349ff3

Download Submit
C:\Users\Admin\Downloads\Git_softwares_v1_6_8\setup_v_1_6_8.exe
Filesize
33.7MB

MD5
d34a644cd4086c62c19b0f3a91679c82

SHA1
4e52800497ea9634c5581018e66d46d31bafbd4e

SHA256
b44c69e63ec629c2ce2d47e08616796c4b28bcb9bd839def221136cd95ceab3d

SHA512
4a37431b2ee6b4f72749389dd0b07333bc920ec66eda458ea04228b76c81230ca5bb3c895489e1835669f44a1d59a74538445f80ff4429989fdb4983bf55e6e1

Download Submit
\??\pipe\LOCAL\crashpad_5072_TFQYBAGTIINDXIES
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2424-198-0x00007FF78F190000-0x00007FF7913C4000-memory.dmp

Filesize
34.2MB

Download
memory/2424-202-0x00007FF78F190000-0x00007FF7913C4000-memory.dmp

Filesize
34.2MB

Download
memory/6084-201-0x0000000000120000-0x0000000000175000-memory.dmp

Filesize
340KB

Download
memory/6084-203-0x0000000000120000-0x0000000000175000-memory.dmp

Filesize
340KB

Download