lumma | 05d7d827fbcd8c1a234325f3a43a0d920db5c4832fc227ee3bd1fbda3e8b7857

Analysis

max time kernel
290s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

index (9).html
Size

13KB
MD5

12e5536bcda00a8c1e9bce21c4ec64ae
SHA1

ba047a81e59f3c518d4ef8d0e7b296b8a44be785
SHA256

05d7d827fbcd8c1a234325f3a43a0d920db5c4832fc227ee3bd1fbda3e8b7857
SHA512

1d5be1909a660323f281eea6bf83eee438b6f3892acc06c71ccd3fd559cc8f35bd286413dd7dab23f572f46b78e4b552c9a85177fef58a52ba93e7f199d51b01
SSDEEP

192:tDhfl4Owlroa7KBmydy5RG+NJjl51AT5EyqQiB4zo+YplmwIR42PN7y6yUHgL:VFKFG5E/QI4mmwz217jiL

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://dangerou5533.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Executes dropped EXE 2 IoCs

Processes:

Unlocker.exeUnlocker.exe

pid process

5164 Unlocker.exe
5548 Unlocker.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

94 mediafire.com
95 mediafire.com
96 mediafire.com

pid	process
5164	Unlocker.exe
5548	Unlocker.exe

flow	ioc
94	mediafire.com
95	mediafire.com
96	mediafire.com

Suspicious use of SetThreadContext 2 IoCs

Processes:

Unlocker.exeUnlocker.exe

description	pid	process	target process
PID 5164 set thread context of 1912	5164	Unlocker.exe	BitLockerToGo.exe
PID 5548 set thread context of 6128	5548	Unlocker.exe	BitLockerToGo.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Unlocker.exeBitLockerToGo.exeUnlocker.exeBitLockerToGo.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unlocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unlocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exetaskmgr.exe

pid	process
1944	msedge.exe
1944	msedge.exe
5088	msedge.exe
5088	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
5980	msedge.exe
5980	msedge.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

6056 OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

Processes:

msedge.exe

pid	process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

7zG.exetaskmgr.exe

description	pid	process
Token: SeRestorePrivilege	4508	7zG.exe
Token: 35	4508	7zG.exe
Token: SeSecurityPrivilege	4508	7zG.exe
Token: SeSecurityPrivilege	4508	7zG.exe
Token: SeDebugPrivilege	5868	taskmgr.exe
Token: SeSystemProfilePrivilege	5868	taskmgr.exe
Token: SeCreateGlobalPrivilege	5868	taskmgr.exe
Token: 33	5868	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5868	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe
5868	taskmgr.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

OpenWith.exe

pid	process
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe
6056	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5088 wrote to memory of 4840	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 4840	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2064	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 1944	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 1944	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe
PID 5088 wrote to memory of 2392	5088	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\index (9).html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefb2f46f8,0x7ffefb2f4708,0x7ffefb2f4718
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7268 /prefetch:8
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,17758238069064949557,7948056202780231464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:344

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3780

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\" -spe -an -ai#7zMap29279:108:7zEvent1346
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4508

C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\Unlocker.exe
"C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\Unlocker.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5164
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1912

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\changelog.txt
1⤵
PID:2628

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\config.ini
1⤵
PID:5612

C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\Unlocker.exe
"C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\Unlocker.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5548
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6128

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5868

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\main.ini
1⤵
PID:5128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
62KB

MD5
fdd3922edde39c73dc37b568650e47d2

SHA1
1566ef03ec365d9d7e4ac9fc9cbb4e5609b9b976

SHA256
d464beb2c15b29d24af42a7cf74db9539652dba74de861feb169145b5589a3ad

SHA512
b3c7e48d1bdf62d8436ff428af14155a5c2e834ffec8003e9457fc1458cd77b7474210edbb5f57eb838723844f6139b3c523d3a9d1d4f525aa067bbccb9e146a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
31KB

MD5
a4da976dde535a4f11ff4c9d57a8a56c

SHA1
fc4c29049db6d81135507dc3736cb638340f55aa

SHA256
6b85680498d0061e6b748f0fd9c904c74eb9f265f7d6ff6b33a37a0656164bf9

SHA512
e3db7eb080a2c927ec3a223d16d818cc76f9da51525a91b8eb3cc9e15106e2939ef6d550121b8cdf76d38c001971662d833d70a269ccf35d36278d25cf42aa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
20KB

MD5
02d0464758450d87a078aea4e46187a1

SHA1
41154a61b8192c00a4f03e5ce97e44ecc5106e74

SHA256
c6aabc7504bbf101eb3b39fb3f831b61148f34605c48b02ba106aedccde52750

SHA512
9af139023983a975acb29147037f4fa8ca820e15b4c5f471e2cb000909970ffbfda2b210c8330cea93271bfde3732455a545730e242f1a0e59871bdec702b39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
41KB

MD5
5b00250ddf5a7b2d79d06f0a136fcd79

SHA1
14b9879e612c4a06aa19b5e81f887ba05e773234

SHA256
3884b9680767ec5e001eb84245a346efa31e866a6006a78f4038f8fa6f575b73

SHA512
9f6ca0bb0e6a05b294f6aa9b007ecbec7aec0d07f4c63a48056c7322492f7041fbf24262b3e12a99af4c4d91572477f33860c67f44bcf632fd21c9556049b342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e20c9e1f11129e959da3da5c81a1b25a

SHA1
3b4f0692c84325b57195167835a455ad4ee59a30

SHA256
64543e9fc23fec786d19f5329524c9e9877276c05479f8f6e31d3cf16ea46469

SHA512
1d6aec2ab7b7fa4306443e8dd15fa2a9ebac7b884866084746a8f9852715415ded3154f9bd685b4f568f8dbd2ad87db4533f3282315e299326c584c43b7f49ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3312702acaa75ca644d51a4a2fb2948a

SHA1
4c6dd88cf6827f42121a19c6c46beb0768a06e20

SHA256
065cc2460805e330ac6ae8fa5f72d1e230c6728179e21ea4afe0b4a44106df54

SHA512
3e2de828f5a905aff08cd9f8200502892955a886acdeca7070cce7fd3de70e298c7e4990c4c86fcdfd4db6bb991801761ef2ffd2ea9093ef215b63886b60d7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e3344c2623a51ebf7f72bab202959044

SHA1
a30a47fe9bccb0b4f2b87cd39680916dddb3ba62

SHA256
3097e3b9c81eb8d0fa0f5f93364f925ed3d3321e637701670d543a8f405c8f89

SHA512
e1c64e56345c311f1095ae2379a6669b7c42b5ff17af3942d9c8383b2af38c6b67482650dc234543bd64618a6c0d97f38a8b5d2ba5c29fc6a9f9ca3726c2e96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2e3115dbb320bcf68e062d893ad597be

SHA1
6082c90a2c539add883a483ae4d0865bc32aee64

SHA256
23d039fe44fdae5ed6ac15c3f1e4e29cae390cfea29ebcb4b5c7882a89672c80

SHA512
0aa2a7f11a8134cf0d629c020791d7346f405f43bc5f82cf9fd3a008102d41900cfda1969ed82c7bd099458eed69c5fe108ee474a864072748f88d3d2b678810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
931B

MD5
01f75c0cacdbeea5d29a25eae5f7b36a

SHA1
3e53dc35670550f2d56c4e6c3045eb82b13ba83b

SHA256
e8409d5e49bebaed9676e0593e174bd043ce10cebc2485fa2cbcd031cd4326d3

SHA512
a33fa4b28a9dd15a3a9256089464b294688b5750cd726f352204987e9ae4a95e62b411f8c10550daa1c2e4145cad7531276761e5e7484ae7b9a60a779ba4c7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
f7ecf4a63c8e7d085476363574c62770

SHA1
b8886f800f0ad9a001da10a1b3acaf5de04c4fe5

SHA256
c00e8a5ee0599d926ef8f6e27ab75b9d0e1f6093ff527a863a9cb6b7c013af60

SHA512
7c23cfad5077c7ee63306c1854a7883d2a53c0a01280116ea36135363e725e09a92d1702b03d531d5f26636cff57073bb25be5b17b34e3f271d1e7dd9dab6e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
c2b731404dc4300c155095845b1bfba9

SHA1
626da8c1ceadbd07fcc414e60258c2e32b02b086

SHA256
062282d61d368235279992eeb020e4954bc098b6462574405f8b0a08fe4ca5dd

SHA512
59616f6135b35fd8f4d1a2d6cb49a3a8c0e7c857fd54a867a07ee119c1957ee7adff043be9d7f02cf28958347d188757e5a05268f245598f89581fcbbe10544f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30056225ab94b5c60c72c2c21d87d28f

SHA1
9e4e56f182003541aa06d48842b32a222797e0a1

SHA256
7bc9843fd1b5464aa3e567283f25a80d1b355ee39b2cfc8900a8eb641d057a81

SHA512
79e04c56f60a2f0f3c46e065c2ea89d6618ba04ffbb9ac27f320a91370b5f8ad5b43f0b2598d9fa4b96f19a95883f91692e4c4584b219fb8dbbba20b14aa2640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
64a53bb22016867aee124340a46d085e

SHA1
30ad29a1569bd7cf2e8e54732ccf33daf8df4512

SHA256
043589c7bcfc962f6f31f0fe91754ce2b77a4c10ccd1db1cddc496ac4d865629

SHA512
02952cfeecd417fd7217bd639064d5232f359eb187e4825c30e471461e0b28fc517c6fa99d842baf8dccf7837212076c5a33f9f9cc73991a447136f9e46e2a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac5f4f01e020436ba2f3f10198c2ee89

SHA1
119a72d1c1d9ec7a98ffb88468842dd8eb1ac483

SHA256
5467daad7453be0eac57d86d0b90ff5855005993adc42390bc7066b83c3a5b0f

SHA512
a47fad82d9c415375df9650a07431984cccbe945c4d40194805bc16f87213c88ed78ceba5c1bcb22f01bd68ee9e7e7d8dc65b1a946480c863d7cd3556b262f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7bdd93e985609f8d1baf0bf16cde6efa

SHA1
4cf447163e10d7be07e44b49c366906bd79bee29

SHA256
45c68d14a59dda4eac665480d919d7c4a118e28806b7cc78b30a0815c7408206

SHA512
ac5c7c67807d6176fd7eaf5883933ce9ab8eb0d2dd4c6454e34cf5f95743b5b9648afb942fdc6e0887116ff0ed0f0c75c43938708ec2f56af10e0f81fe8dcb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d6a20bafa2624ea175999491e226540

SHA1
2db86393093060bb0ae610919ed0bd8598aa7f77

SHA256
69cf4d8ea1e25079f72e646b31f49f6322bb3923fa1364242a6ab7eb5eb60806

SHA512
a37079e36cf05f5b137c52233479f6501d193ab3afe0a8f3efb95c717217ba6b8df7286456c45d1ad70f159e8377324ef512549a30d2d351c802b970d9a9d34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b85913fb9ba2d0112bf2922a4677cf4

SHA1
650d6cc705bdf81c92246b5f9214dbaff0c55831

SHA256
1db0fa9bb0c2ceae29f37ec9af20b92937ec50e8484f285d8b14a3f3a7681ce7

SHA512
961f42a30ae779257e37e8ad6507a1a2bbb5962095a8e14ae394010127dce999d8d1a9f0f41179bb9910df1c6164683e49e1b4bc29fba073e60eefce4f440235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39d250a2e65d3378645ebbe6599c5c32

SHA1
6a03551b397166c36e74143adb48a6281b02cae1

SHA256
a3d90c1e9b6fea9e2beab85144bb03336342d75ab76b745e6e6eaacce20760bd

SHA512
19adb4c28c364926cfce0cb314d4a31f4b314fcdc71d5eb00b4cfd2bc38ac4769cd392afae072b7206dc811bea791ded73acdcf402eb6fdb18208f1afcd76425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7a1ed452ff13b7b74ca73f98990c7378

SHA1
68397840ed92ca4931d7b3043221dec2a99af0a1

SHA256
40b0366d23494e2d3991d495bcf0c8db55e78a8985c2e20cdecf2b494d0b0306

SHA512
8622747d59c6ea21a1d16dccd95743bef090e3ccc7e6d3dc76a7df66be53da2845f878651713d7b47cc4d5773e5cda242c70ebdc732258e2077eb169f13be18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f15721a8b824cc1a66272162b99da56b

SHA1
33b1e44b41b1cf15704924d97c2e2a02328e30d9

SHA256
6dc06e03a93513a64c333049bae0a9e27912d4eb02f08237a1973e8b6a2c15ad

SHA512
0fcf40558543aa854d4a3f1ea69cb0401e772c9442aa66bcb377028035c8988f696c2ed6d0bd16d6a22291ddeca61a4ddc96f854f4e11b4ea1210d9a4c3a13f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
74f5967a962b7b460641cbaa86f0a9ed

SHA1
e3170bda9fa8fdda4370200697fe00c739cb656e

SHA256
f984d2cba03bb6fd0f9cf69ce5b0498f57a2eda6961bb1135a63b22ce7a98566

SHA512
3fe84bb07c2ece77de70958b467fe7799c9ef03a3d78c04bf577e0c97ec7693152fbaeb423c209f00130e929c398b3765f2d41c4e49dd5d2a99b90a04564cb84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a59984b5698b21602658c3f2e23bbc95

SHA1
73c03a8a3b076ecc61bd278240e00bd56ee043e7

SHA256
46b8e2a9325c604204f733f6d12c663028326a90d382b7b5940abd8da6c2d8f8

SHA512
e0e146d9e5ea82696e0d91bd5cea176be70d4e0067408071752ad8af003386c6a6b206fbf0c62c4bf926516dbd23def9e101f85d603d4ea6df6361dd97c03580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8927c9cead243b5bf9ce7f2b73e9706a

SHA1
48b7b3643eda1843cf035931e195a5128c120671

SHA256
eedeeb63ce67c4209dd221a0fee2b6f51900513b6d183a39d3baf6770d60d7ac

SHA512
87e19d2792791991f98e3cb51230629c675ef5da5ad13d8105b7a0d9995130c295d96ef1fa9296e32c61d461f74a3f60ecf421864fb0b0a7440bc3a30cc45847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3c08ba0aecf94ad8aa359f7d1d312878

SHA1
57345c94c264055b22337e7053622f9cbb195d2d

SHA256
45648a754325ef28f92b6524b4a50cdfdfbb34cb200a5231d2c47b631c7a6ea1

SHA512
67af11f7579fee80182efe4377c675105e1bf138516e0db372dcde771ad05f6e8ae5179db7631947129b41762dd45679846a6d01ddf77fcf9c576c8ab50d4baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
685d721f4fb13b63021d87c507d7c996

SHA1
3aa4b08a5dff8f30157e28a8c6bed9ac9a6656bb

SHA256
8ea1c40b4b6554f64c5b29642f66a6186c6ec6111245aac6de51994601610664

SHA512
568c1059d0d484cf56bec143014d138b8bd92e0297f40bd255a69cbec26ad23389849f5dc9b28484a30cd280eb912dfcf5c387ce798ed10bc0ca0f686c0593f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0dc7f0334c1cc83bf60824a6afe85fd7

SHA1
b3cd9c7265b71059d29d1755376b6c7f2f6fdcc8

SHA256
2c72c6b541c23a520f0e1da09fdc438061c8f7f2c8255abbe3afff4f888cc682

SHA512
93d8570032345c853a5990c8b4c62050d00492390d1205a9794635cc8704259f57300fb347fb37f17e39f98781ecf7a85b6541fbeef989c1eaeb3e0845cc2dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
29ec6dd879fe5250cdd84e8c7aea6e85

SHA1
0c1ac9f58f495d66635eca2fc7687e6c750e6c37

SHA256
f8cb7d051c5a420f171b299f1c06419a143dc5a8a1ca446530d35499a2961ff6

SHA512
429d750cfb1b2020f901571682c1fd312c2e82f74e134f54d5bbf583310b11ad71e859b8edf463896cc867cc4eee519f41bde90fc9a6a18395b011ddf5c72ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b99154c137729df73491c9f87e733718

SHA1
54033e2bed245e423b8e5d58427aea7ef66f41d1

SHA256
881c1f5af79bab722a227ff357c4ad1964a595c3194b4caafa2dc0cbcee67b4f

SHA512
8f313b74f3d2809c41dcc86a7513b778f3ede53a1635565203ceaaf881fe14c038978a48da28e1b0f6bcaeb2ee465fb70d25a0d5de8c3870a90b90392f03e560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b6065d01ed5ce3b92ef7ce48b2a3a204

SHA1
08bf7a6bb0b0062894824f5fad880e860a79cbf7

SHA256
128451df07a70c5451e99fe77a202657b3bf78b6e0e5f372c03cbb7091b91781

SHA512
22620b8065f0571ff43441cd9e865abfcd7636ad1fd83dd25eb0043b4d3d33246acb18ddd8668ff290e1114f92e38ae8d2771b81bb9f6f958c128c8edfadc245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ea6029fddcf0b9d6d7b8314e1ad5eeaa

SHA1
4c1d92baa441199559200f5f20f63023f5d381dd

SHA256
2ea8415b464501673a244f1253d55aaea8302b8d501716f8f0746fefebedb47f

SHA512
e93f5a1caa6c8eac1d08fc6d6c098b2c0a0503cb54235f3fa99316f1aa85f14c31326a3a2abbe97f95c55ad12702d72da1610f5a23d4f7eb45cbc07aa7013dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4a669b4ba52e19c55a4fe20c337d7e7b

SHA1
bd21b574de23e575b0de87c28e69fe9fae9a5025

SHA256
26f5f18c87a40d1b99cbda3240193b1b3af2528c1f5231b4918e7c209ba8b5f5

SHA512
82315b0098b87a6809ba36e21ebd83564a4744b6698fe63122990f32148c388116bdaf08cb97bb9a53bebdfdd85ae327462970f20ac6d3666a36b6b4a88d383c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590287.TMP

Filesize
540B

MD5
1f99a76ee361d959992e4d33bf9bbac6

SHA1
f1a837ef0732e3e958c842623510fd6587544509

SHA256
7be06077bfa24827b98f04f5ee2b2b9062eda25b0055d9745bddb9ffea4d0e72

SHA512
293adb4c8a2c7d78c17af573256ea92bc7e569c678ae7a00caf1b19cd6cc7837d8db459f5741bae9421795919faaeff3d03cfa8ed1c5645d8c7d6c8c60367f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3ff11693a45e0967952749413a190194

SHA1
c94391c61b28f68111bc9c1b6f516feb8bccd9ce

SHA256
cdfebc10d5c15d2c3d86165123f56c437d7c82279923c010cd34bf9fc6e464a2

SHA512
455092f7d2def3efc32ce00922ee1054066441fe39ff4f79c202bc1debebb7f00b3c7d1bfd0d120f7017ca843b889c7d4a2ac16fdc6da88eca48aa24221a1f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3d7d7f9646f6c8008e503e835c26a1b5

SHA1
03989be4ebf6425fc3bf6ea2b1944921de4c5124

SHA256
fa9ec16e4afa90728d793cf1f32dac5db459daafbef70c277642e52897958d2e

SHA512
b6a3ea476b38b26f3133f11094d39bf9c61eb1e0a9d4518550391e21bd9ffe0c2b45d03709cc7b08a3d3803a342050635fc59f17d89fa6862e0e6937b27f5c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8f51057b1cbb486bad85039beca93f11

SHA1
e123bad1d8145b1246b8ab9a384f70d9cc1ba040

SHA256
f2eb354709240d7eab59f068ce246f4e543de12d9eb48a8c6c9684a5db3a2c30

SHA512
4b79ad326fb5072a0383fa70933d0d16bcc6f7d38e0d661a57283fbc72a6b1f8bc8665ee950a470c5231228df80d806e036a53dee33fed60355d5a55e3fdfa9c

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\Unlocker.exe

Filesize
6.0MB

MD5
bd7031b0bf09002f2c3a12ec19cc4e37

SHA1
fa1631399374c25b18a7642f9bcf3cae6b3c422b

SHA256
6042249b965a79be10af5e636246f5d3dc3cf5fc357d4b4db4c4470b38ca352a

SHA512
a8acb56666e10b3e68fe25c39798cd3c9263aa8a59a7eba41d75093e04439b4377e6504755c43f872cb84a4628e9a252a2de197b1b76fb4e597eb731ec66f431

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\Shared\Shared\Microsoft.SqlServer.Types.dll

Filesize
374KB

MD5
25656a196ed967bcd4b152a4073b8b44

SHA1
a9b64b8a42c9da3243378f2a17a9ff8057154116

SHA256
36c3e5efd0731ccf5ac9a341c488b4fd14c69747f5a3f6e4cd976a7c1288b3b0

SHA512
3903556d2130a219e9795856a14eb28926e3b798eabfe96353300ccc1c11925aff2f417c9ca588f2ddd0df47d6a64517980a39752edade9ad725f6ee4aa16383

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\Shared\Shared\Resources\1033\sqlevn70.rll

Filesize
2.5MB

MD5
27d0d43f7ee9daefc96eef48620bdb4c

SHA1
83c84ce3c517871dec311500001db5c501d25be3

SHA256
4790c4c828d21865b556b48bdbb0dc84fec7e49e8fbccfd5e75c9dcfb86cae5a

SHA512
fd651fb3cb9335db0a26fd58bc0831a0e91c437ca1a65355b968cf0900fecab1289b6660e64220c330b00c456e1a40e6536e8ad0a3df3f58021f6c1a47861530

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\Shared\Shared\Resources\1049\sqlevn70.rll

Filesize
2.8MB

MD5
35e743c24d8eda76966acf60ed8b337f

SHA1
9eacb67db44b21d2091a50f2d7a7ba7cfa7bfbea

SHA256
09c875779139587ede45c49cf14173d7ce1b68246471a4f5b67dad021e5085ff

SHA512
a25e279baca808528e8d9c0d824ca008a3666eb62f483dc3c9f81c503c97d22689c4ef8e525bf45844f865200f85a3b0a9b1911535fc427e51269043f5983a5e

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\Shared\Shared\instapi110.dll

Filesize
47KB

MD5
f9ee4c23a7bdbbb94bbfff3da087b431

SHA1
b8dad015dcd170bc84e8ae333c66e40c7e4090c3

SHA256
fc988b3fad95fd8ad36d829c9bfa2f36dcd517de674705a3928ad3384354f34f

SHA512
9ba5b2865854929f6ce41139c0a2db61ff49291b0a4e8a0ba653ed622406c0cd9eaeaa4df44fccddc03f0ad621ae75db071d93b76454d4be468334069d8bf5dd

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\Shared\Shared\lssyscat.dat

Filesize
1.0MB

MD5
8079e21b5980d3089761d2366d1c0828

SHA1
77d8430339e0d384a50064697846c8f818f0176c

SHA256
7cb429032be391e6f01065bb772aaf00f979ce7f1766b71d541fa53c58988f27

SHA512
96cb7f455fb567ba5a4e1cb019114d0680fcd338b78d6ed0a2cdd442809d4611cf46bfa95be39e0657b245a1e8c5913d21c53b1f35ee035d4b98af6b51657438

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\sqldk.dll

Filesize
1.6MB

MD5
9284cdf83b7b75720344b616864e8766

SHA1
0ff8fe5eed78440044f1b6afe117e91d2453744a

SHA256
5ab3dfd1f5c303688593e8779dca3fdeb3075647cc675df4d3a23a0a3f90f84d

SHA512
6b9fbcbafe732720e3bc7b4ff15a1349b55d46fc760ab2961193c4103439aeaa1313a950436de80fa6d2c78e9e4334a1d64c157046ec4ce41c2ce32c6df2665c

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\sqllang.dll

Filesize
24.8MB

MD5
29f692b545d0493d4d2257439c6969e7

SHA1
fccfcd17acf600abafe4671be0a1e0d9c06ce3f6

SHA256
f51cf85cfe31f0b447ad5d6000d176b64de50b5e7a09a0af9f59c0a23cbc729c

SHA512
dccdd19aba438f40fd944988f4431a905633cd29048de3b45c924350db67ad481bb221546c41145de93bc1f210c5c9e830a6dcb95127c04f8c80924647f027b0

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\sqllangsvc.dll

Filesize
51KB

MD5
fe645bdecf22601e9fdc293aed23ba0c

SHA1
a665dd12847f2f19a18e68329c98ec543e295027

SHA256
b5108ecfc1dd73e8023d609d5edd8e6dbc5279991a0ae1628f0ca2932b61010b

SHA512
43ac5d53d58c18c0983cbee628ff31dd3ad643b6b9e2ae1bae6d604885538a6733eb05551984dd7cbbb2ae00904e43ba3755ee007c83f874d0627d891e4162b8

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\sqlos.dll

Filesize
23KB

MD5
d5678b23d062bd0acdc4b6d9e88c9585

SHA1
0f9ea289f11eec5b5bc8a00f70d36b84b33f8455

SHA256
c8fe018e57adbb1a5328192e8e9be4a5eb15829ff5ab2713b00c6be7dca98e1e

SHA512
353669e3d65153425f45fcf0c63b603de96a1213aee9db824865c2a80955c465b2e382f01dc91baf8505ff8b970555cccafacc88f4fb4eb20d32bb1f75703d90

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\sqltses.dll

Filesize
7.8MB

MD5
344479af61cacc9c64bca055297afec1

SHA1
cc5e66e6dffa8a243193a8d25424dd81c8d85eac

SHA256
ab859a1d945cb99e2e52e218ef442234d1436f9aa9a81b76ebf85068ccdebc05

SHA512
cf76823c207ccbdc298a863b123c9a84e28e3e41c796ceb55d77fdebaa0ed9f7eb5262efd39bd393cc86319d98275a485e791d3d28b2f92a8d9d69866ba946e7

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\cache\Shared\xe.dll

Filesize
399KB

MD5
063ca314262d277a92189028a9e094fd

SHA1
3f8fb62d6b38ae258dbffda4d9470c78753c3814

SHA256
0ec09cd7d58aeb260fe82ca79ad16c353d7053a665d98f4deb26eba5e2b6e9d3

SHA512
0ef025c85545377d67562bef8744c0966262fd5ffe7fded4a9958ad01cab19e319b7f29fb45d4187a4930611d6b0dea0be32097cb78ae8423934080f7038193f

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\changelog.txt

Filesize
19KB

MD5
90df4d454db203057f5860b62f8771e3

SHA1
dc038d536a218fbecb83c6ad28990e9b8e655699

SHA256
8bd137ca8047a040d6d7e96b68910bc3b78b9b223c13420113f92c0e0fd39452

SHA512
f498a5987530cf8595c34450df616bfb890a566e4faa4f4bbe6669ef49c8bc0864533ab376661ebfc8857c7b86851d9c489388e60f9da48bce5dd39a0db19223

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\config.ini

Filesize
5KB

MD5
f78b8f3d265b4e9a706ed0aae70bdf9c

SHA1
6d73ad3954fd8fda80911071efca1910fd2d0a3d

SHA256
dcae62d049c4dd496effab6f02220bc270c6c098ebb55a5a6e55fbafad2974d2

SHA512
c44887c08d1239969aaf9934921f1a7341b87faded169136fcc0539d62de3104ecec0e3ac7a28eb3135cb449f58310b49f868963b64b920210d1c55104e7e7cb

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\scripting\Management.log

Filesize
8KB

MD5
ff765d6581fe6568aaae19de239b2e7a

SHA1
78b09b0ce2e59ce87f65251ea903842c1c77046a

SHA256
4dd051de9b04902fc59d411b1c27c42007cacca4ea52e88d71c897cad1d990cc

SHA512
8fa7c766fc1ac48408d964eb9844f9c4a2fb3e33357e736230024788ec71cb3c338397e16f8e556bbcaafd83c58f3af6a55ceaa9daff290b0e687093e5c97a2e

Download Submit
C:\Users\Admin\Downloads\DBD Unlock All(UPDATED)\scripting\main.ini

Filesize
4KB

MD5
d2e799c6b2467a0a4aeb0cba508e8a30

SHA1
349e50e830cca26b03a0e32bac1f9045a72eb406

SHA256
d3d79eda930253d1ad388f60a56775f7d6bff80ce5a4e07c812d7d338fc93593

SHA512
f1d14875a6379b450eb5dc2513a1791ec65a6fb237db94a74621c70ca5d579428b7cded35ce3bece884faaabca4f0705de73fb5cc8b2d60be995b2be66cb20c2

Download Submit
\??\pipe\LOCAL\crashpad_5088_QYSEMPRMWWRYSOLN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1912-1408-0x0000000000600000-0x000000000065A000-memory.dmp

Filesize
360KB

Download
memory/1912-1413-0x0000000000600000-0x000000000065A000-memory.dmp

Filesize
360KB

Download
memory/1912-1409-0x0000000000600000-0x000000000065A000-memory.dmp

Filesize
360KB

Download
memory/5868-1463-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/5868-1454-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/5868-1453-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/5868-1464-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/5868-1452-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/5868-1462-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/5868-1461-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/5868-1460-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/5868-1459-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/5868-1458-0x000002673A240000-0x000002673A241000-memory.dmp

Filesize
4KB

Download
memory/6128-1467-0x0000000000630000-0x000000000068A000-memory.dmp

Filesize
360KB

Download
memory/6128-1470-0x0000000000630000-0x000000000068A000-memory.dmp

Filesize
360KB

Download