Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

10

Resubmissions

29-07-2024 20:56

240729-zq79pazejm 10

29-07-2024 20:52

240729-znqa4athrh 10

29-07-2024 20:33

240729-zcc7dsygkm 10

Analysis

  • max time kernel
    169s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-07-2024 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://kaminiasbbefow.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Extracted

Family

lumma

C2

https://horizonvxjis.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 62 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1d1946f8,0x7ffa1d194708,0x7ffa1d194718
      2⤵
        PID:1736
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
        2⤵
          PID:892
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2800
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
          2⤵
            PID:3792
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:4204
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:4976
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
                2⤵
                  PID:3580
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
                  2⤵
                    PID:2136
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4988
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5960 /prefetch:8
                    2⤵
                      PID:1216
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
                      2⤵
                        PID:4268
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3328
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                        2⤵
                          PID:5244
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
                          2⤵
                            PID:5252
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                            2⤵
                              PID:5484
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                              2⤵
                                PID:5492
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8891552564836365438,3144135128845489834,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5044
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2908
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3080
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:5208
                                  • C:\Program Files\7-Zip\7zG.exe
                                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Main (1)\" -spe -an -ai#7zMap28308:78:7zEvent8194
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    PID:5784
                                  • C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
                                    "C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of SetThreadContext
                                    • System Location Discovery: System Language Discovery
                                    PID:3308
                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:6008
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 960
                                        3⤵
                                        • Program crash
                                        PID:4628
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 1284
                                        3⤵
                                        • Program crash
                                        PID:5636
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6008 -ip 6008
                                    1⤵
                                      PID:2200
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6008 -ip 6008
                                      1⤵
                                        PID:2348
                                      • C:\Windows\system32\NOTEPAD.EXE
                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main (1)\Main\output.txt
                                        1⤵
                                          PID:908
                                        • C:\Windows\system32\NOTEPAD.EXE
                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main (1)\Main\proxy.txt
                                          1⤵
                                            PID:3736
                                          • C:\Windows\system32\NOTEPAD.EXE
                                            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main (1)\Main\Instruction.txt
                                            1⤵
                                              PID:1916
                                            • C:\Windows\system32\taskmgr.exe
                                              "C:\Windows\system32\taskmgr.exe" /7
                                              1⤵
                                              • Checks SCSI registry key(s)
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SendNotifyMessage
                                              PID:1612

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              1f9d180c0bcf71b48e7bc8302f85c28f

                                              SHA1

                                              ade94a8e51c446383dc0a45edf5aad5fa20edf3c

                                              SHA256

                                              a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

                                              SHA512

                                              282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              60ead4145eb78b972baf6c6270ae6d72

                                              SHA1

                                              e71f4507bea5b518d9ee9fb2d523c5a11adea842

                                              SHA256

                                              b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

                                              SHA512

                                              8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                              Filesize

                                              41KB

                                              MD5

                                              9a25111c0e90867c7b8f41c5462abfaf

                                              SHA1

                                              0619625d479f31cf145c2e3714de0df4a69169d1

                                              SHA256

                                              41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

                                              SHA512

                                              0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              624B

                                              MD5

                                              319d17ccba3c15e16f969632b6c15c28

                                              SHA1

                                              83d02080a097fce267d86001941ef7da60df0e1c

                                              SHA256

                                              50088fdc3fc97e85a703a6351f20d850eb9cd9aff4c21dd147dd8767138c0b34

                                              SHA512

                                              362f5d3bf987547d329eccce40cfcf36773a2a5e555124b0d41693eb6de7a374ac22f4d41d4142d86ba260889c4400b209f0107274b50c300863df0d5af0e9c6

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              3KB

                                              MD5

                                              bd781d83e7fcd2251304b7099a04f3fd

                                              SHA1

                                              0927ffdc6a49520c92dbd14dad62d0375d547138

                                              SHA256

                                              f22b3b1b87c49a981575295ee52477c3b65599fa2102f4c4365a9c46aeacbbaf

                                              SHA512

                                              253050c39ebfc84a9a6339f6397c1f57a720626cc3cc93c3184b70e17d9eed760e5d5cd4099b02301a7dd0e32cfc335e7f73e6096615df9cf81b8f7190d052f8

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              3KB

                                              MD5

                                              0b7867e9d8b270833c071b1671f05669

                                              SHA1

                                              ef5b18b8e2c8a762f66c74aa4f64ef789f84437f

                                              SHA256

                                              1e474952fa50958a42cf0cda0d9af5ac4e50878957d2020982d8c36871e6a728

                                              SHA512

                                              6039c5a8f160ab6f2f24c29a105731d2cd92a38567f60e30ee93b8cd16bf30df677ed3cdc177f6ba1fec05869e6f8e4c0938ca3e6d8cd4ef4fb59a8d4ff002ad

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              519bff8b315e94360b048a2320e6c271

                                              SHA1

                                              14a811429e79ebdfe9da172d5a00a4b8205b8343

                                              SHA256

                                              c2ee710f349632950c8c4ccc382f8b0edc75578921ed33527d63a49499fd51aa

                                              SHA512

                                              be377e408b7118b8aade517d9cf89bd170a1c1f0f4a75b5ed956973e98754662c9bcdf38b055cbadb4e25712b7be8688c05fa2f8d93f35f17fbf7928685035cd

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              c0df5907dcb737174e07e48c05408308

                                              SHA1

                                              de61a928e8d78dac55eca49781cfc7830f8b2003

                                              SHA256

                                              a7e2f979af23acb13d90aeb38d9f90e525a04c07303703c11f510a5c730c9d42

                                              SHA512

                                              fa858e10dcf7df3714969b7d911a49f67a67d7b7912c3caff4da9bbc59c7250b30607a7a28fa0a112cada7710241d8812ba5d285c8a25e43480df1196f5da0f5

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              c9c9eae1d041432ed091ac9dcd13d503

                                              SHA1

                                              d609dead878ae96642916a79584772a1e4658498

                                              SHA256

                                              e8205d8efbf7cf85b4c20fd424b3c2cb0954a50e351b4858f5e7f2c2e52a4979

                                              SHA512

                                              1a50758b8575962a6ba1074a1dc56620aa44e174d99ff66e56f0f1bcfa507e4a9fb4bd5ded2ee4f09e4a9a00b9ec045a82177a865dba92cf5de6628b1b097bfa

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              1KB

                                              MD5

                                              a32c379bf3123bd273183f3ff67d371a

                                              SHA1

                                              d793a9219884f0001d992304331626983e2ceaf9

                                              SHA256

                                              a773f66793bcde194ff3f112cb9fc24b836d1a252a18423b6a1ae6c1e4d7a5cd

                                              SHA512

                                              ba339ad7944ab3d919955916ef9734918b03e24e6ada15867e7d9822493bf4a9d54105324126fc2ba77ffce4ac5fad5485352a3f3dd5fb51f2e470e60ce56917

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e31.TMP
                                              Filesize

                                              1KB

                                              MD5

                                              014c23910c4f125c95bd668039e92543

                                              SHA1

                                              f4e3b843a60bcb31b0a707a7e65ed8845c617661

                                              SHA256

                                              cdc030f3da6d5045b40e71933c329a1616b049d7324f5f96e7536681babf9214

                                              SHA512

                                              f0748c112f3d4ed073e3a71eab20de9eca8d90c3328cb64a9243c9e8e75c42b70d9bfcd91640068155452933cb0ca15644f723bf218f1714d03082b89d8fab8f

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              6752a1d65b201c13b62ea44016eb221f

                                              SHA1

                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                              SHA256

                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                              SHA512

                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              e42249a45b99005a1e196c739a0d4f22

                                              SHA1

                                              ce405779c716817b062d70887fc161c6aab264e2

                                              SHA256

                                              80b73d18ca9cfc4d10a916b3d562959fce294a66828487f510142636d2e31fc9

                                              SHA512

                                              8d5043436371711d11610a9534f95fae964a92e25fa54855a08fc63a616166ddba2083f2979e76da8e7130cd9c157db6f302671c5d01e36e3b36f3926ed91d55

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              e9230cec26604c9b6912dc35e719f32a

                                              SHA1

                                              c9f3b0f493d6d6b067054b39f178a88fdd67e6bc

                                              SHA256

                                              10e7fa6ab146473df9ecd30800b0157cd17ecb9b9a486793070bd106632b30d7

                                              SHA512

                                              07d675ec7a07f729689d2296db2900ef2b55b119b2508f83457e0e05ed5b7c980729fb53278e47c72d2891b4ca6d6ecad093b2559bd541525bcab7dec84b0861

                                              Download Submit

                                            • C:\Users\Admin\Downloads\Main (1)\Main\Instruction.txt
                                              Filesize

                                              154B

                                              MD5

                                              8e19bd05b12065a4c547a6e919eb4e42

                                              SHA1

                                              c2381ebebb3fefcd4c3625b6dcad86557e692234

                                              SHA256

                                              5c03dcdda71119fa5bfad076bec87320295c3ae601151382c44a894bdaf0d21f

                                              SHA512

                                              61b874eacd350a9feb571058d4096a42ffae6b141dab5391c77898b60c3d035807221735467af56ccb957394b7f87499df7f41c6f46cd7c5a368fc90d412782f

                                              Download Submit

                                            • C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
                                              Filesize

                                              521KB

                                              MD5

                                              98455c0df4aae673a4715d71afad2c5f

                                              SHA1

                                              da48917d453ca73fbaeea46e7e857af0b9402112

                                              SHA256

                                              c16f0c5883cf636187f80467435851e2f966e47d9797e6a7b0be44d61018f5bc

                                              SHA512

                                              11bd87ea1606f7592f09b07aea73485624a4590f209e64514643680bc2775f0d1a5ff1bb1d492476d654c27994ee38c083f83322d27dc69fdd7d1082468830b4

                                              Download Submit

                                            • C:\Users\Admin\Downloads\Unconfirmed 891387.crdownload
                                              Filesize

                                              419KB

                                              MD5

                                              11e40cd744c1b342988a44c3632b360d

                                              SHA1

                                              6377ebcf8b46eb0bef07321c4ebebb29f1b13565

                                              SHA256

                                              f00c12f1feff9ffc6822df557ddfdcef9202e9262169cd3073a64560159efcc6

                                              SHA512

                                              59ad5d806273828c7e5aca95d3fe9181128c8f92e7da561f663718002a4067e5ce061b18a3993ef7931fcb0289d1361c9000cb4175d600f138de4d6ebda05392

                                              Download Submit

                                            • memory/1612-292-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1612-293-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1612-291-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1612-297-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1612-303-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1612-300-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1612-302-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1612-301-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1612-299-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1612-298-0x000001A33EFB0000-0x000001A33EFB1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/6008-267-0x0000000000400000-0x0000000000455000-memory.dmp

                                              Filesize

                                              340KB

                                              Download

                                            • memory/6008-266-0x0000000000400000-0x0000000000455000-memory.dmp

                                              Filesize

                                              340KB

                                              Download