lumma | hxxps://github[.]com/fdev0307/Solara-Executor

Analysis

max time kernel
118s
max time network
117s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22-11-2024 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/fdev0307/Solara-Executor

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://moutheventushz.shop/api

https://respectabosiz.shop/api

https://bakedstusteeb.shop/api

https://conceszustyb.shop/api

https://nightybinybz.shop/api

https://standartedby.shop/api

https://mutterissuen.shop/api

https://worddosofrm.shop/api

https://geerkenmsu.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
12	camo.githubusercontent.com
22	camo.githubusercontent.com
23	camo.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3772 set thread context of 1616	3772	Updatev4_4.exe	108

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2448	3772	WerFault.exe	102

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Updatev4_4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Updatev4_4.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Updatev4_4.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
1948	msedge.exe
1948	msedge.exe
1764	msedge.exe
1764	msedge.exe
1524	identity_helper.exe
1524	identity_helper.exe
1572	msedge.exe
1572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 3120	1948	msedge.exe	80
PID 1948 wrote to memory of 3120	1948	msedge.exe	80
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 2408	1948	msedge.exe	81
PID 1948 wrote to memory of 4228	1948	msedge.exe	82
PID 1948 wrote to memory of 4228	1948	msedge.exe	82
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83
PID 1948 wrote to memory of 3664	1948	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/fdev0307/Solara-Executor
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff83ac13cb8,0x7ff83ac13cc8,0x7ff83ac13cd8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3707622185355018850,8271976285937882457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:912

C:\Users\Admin\Desktop\Updatev4_4(password_github)\Updatev4_4.exe
"C:\Users\Admin\Desktop\Updatev4_4(password_github)\Updatev4_4.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3772
- C:\Users\Admin\Desktop\Updatev4_4(password_github)\Updatev4_4.exe
  "C:\Users\Admin\Desktop\Updatev4_4(password_github)\Updatev4_4.exe"
  2⤵
  PID:4816
- C:\Users\Admin\Desktop\Updatev4_4(password_github)\Updatev4_4.exe
  "C:\Users\Admin\Desktop\Updatev4_4(password_github)\Updatev4_4.exe"
  2⤵
  PID:4880
- C:\Users\Admin\Desktop\Updatev4_4(password_github)\Updatev4_4.exe
  "C:\Users\Admin\Desktop\Updatev4_4(password_github)\Updatev4_4.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 296
  2⤵
  - Program crash
  PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3772 -ip 3772
1⤵
PID:1788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cd7ce02856f135092bc1782664ae3f29

SHA1
0f9fd080641fbe4df0ff8296776c691f3a545100

SHA256
18ec736be0ac8bfa6c6d4966c5b9634ed5669e9687dd1bc1c65a583feda7df19

SHA512
96e6b75cae761873402cff014fca60382cb889d664f3664a240ccdae76f9b6cd7be54d54999068b8a6c693bcb89cbc7daa4849d310442b79d67823a6b83ece1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
679B

MD5
04ed3d016204d539ae1b5f32fdd76dff

SHA1
8830765d7f614eeb8ec4989b63c6098f945d9fe9

SHA256
8790ea3a73640459b5abfe5810dfcf1bd4e577fa2fc1ead8475f59727dd64953

SHA512
7afe7965480b745b4aba984676294ae2f4118358d978e519f1798e746b47db15c868ee5bd559a44c8d044e392f4a8bd90630d0460f121023f95524ba3aea7f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c30cec59a6cf1582dfcfc05ec2a58180

SHA1
416e1ab4e28c7d5b72fb2e67906c89a6f8bc1990

SHA256
b4fdcc919339f9adcb1eea6a0d1c5b12fb35f706aca10342673637b51b4812b8

SHA512
c652ec03d6251fa44d612d84cef0d5647ea20c71af9a6dd9f12bd1dc57c9acfbcfb8ed9a1d6c3a91695602d4b3298476f062b76c1f690e26b3e0d786f83cc735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3723d6cafa8ef25e8d5dea4c5e14c6ab

SHA1
ba78317fa7c67c8b3352dff3e22a10cd02b8f852

SHA256
9c5d83f597a07ebd844bdb74b5b7c7552e335bdebbf611f4fd150bbf601a46b7

SHA512
7848a79064d0edd0cb0fe67df3972dceb0385f6ae9876f41788c2654fbcc1a4aaeb40f7e7bc50f17ffe4a4bdbeca6378f127f7ce303a0fdc4b919686e0311f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26b0b956c6507365a6627041c4a7e08e

SHA1
64a7cc961fbd5a68c8f51c8ea3f2aebe5ec8ef81

SHA256
120cbc181a387843063dd91638c04ed0e909fed250e2d25ccf06000d8a8e9f4e

SHA512
e5bd26941062a89e52a775a6ea2630a27c5cb5254ec94f000a489ae858b69ff5b2e2288cc6484ac27e4c3d8b24621afdd9215a2c2306e322b9a33ab0430731ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84f2d5499f935a14ab53e4bd5c82f636

SHA1
268aecefbb4693264f87c8c1e805a56d469028c8

SHA256
ef1c797f1cb89316b1f10bc0c0a415d3e8d53cfce9da287005465de2b30036f8

SHA512
fecd9a1fb6b20bfab0f0118db374984f8b5ef39ab5982e22d610b4e23bc83f46e491d2e014b3aa0a3f1c1e4aa3f01411710b160f328bb94d7677858ba43f6850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5805f6.TMP

Filesize
1KB

MD5
c490df1c090c412059c7895fc58f52fd

SHA1
deacb8c10de8ce850a322f42380f25be6e700875

SHA256
67a0b010bad8db396e835193ab858e7a76d36ecbe15ba2e52a70291b09d8a5af

SHA512
52419d572dc7ed20cf93843f1582165ddeb2ab6169bcb8823f820dd07c03a7246835754cae82886282cc5c78d0bda304cd9544a275fdb7e35117534d8e6d77fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2ce823ce0597b174535e4679123efab

SHA1
2d606789a5c02ce1fee5225e2974d63ef78ce1f2

SHA256
62081b5e033e0e0ab996db6aa2cee972af412529b5232cc5e6f6ec6f4789eb0f

SHA512
9b718773441a262aab65c08f4713130ff02d541db434b905c77cfa3996951b1dd0faca66675eb09f546f21e9cfaff13d63fd386328be260d6d23da86e5172faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48064c080b845f2ec7286cc6a5c8a257

SHA1
b3f41424d3ecc72ac8bd8f7c1a9a10cf732be0f5

SHA256
94c6b04f45bc8d4aa24e62d67f46d42409a2f1ea3e8fffcea20100d3f494111f

SHA512
ca5d32790098ed80771a4042782e48ca950e660f2ad313a3c1d99fcc76b62c24735696c6706adffada7beccad67bf4f623cadfe063af3e42db2910a7890642df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48ddb7886b6570bcdcf95935dfa7af1b

SHA1
351d68c061aa4fda842eb09d987af43ab6f9e89a

SHA256
d9b8d4c8625e3b611fbd64d8119adc759af6bce6ecd3c7ed6891b681e91012f9

SHA512
86d3ede87d14aec2e0e5d41e0eff250c67624f7db62b143bea192ead2aad558765992b714ba7c2a479bc9fe10df85a76ac3e3da2b16f45ebf33950dd18116066

Download Submit
C:\Users\Admin\Desktop\CompareDisable.wmf

Filesize
379KB

MD5
56878842bf28f48940b0de70206ccf1c

SHA1
46625bb2186c2a8647d3ac2530a999eef24349ea

SHA256
a8823504fc5c261e55465b380fb6de355db5c150b91eb9c961530ab8c625c741

SHA512
744db90310d2ca8973cb898287135ed5d41d2646c930598a8790d06b7c929df9b011eaa77925ee27164571856deeee6b222fda76fc638ceec99c4964ea91e361

Download Submit
C:\Users\Admin\Desktop\CompleteResize.vb

Filesize
503KB

MD5
38621633f9705c0adc3a3baa79b9517e

SHA1
4b64ae7094b00d1790872a09641508e494aadca5

SHA256
45e686cac0afb53f79e8e47a80524257f1bed86610926cba982779ef3ea50d30

SHA512
1bce146de1fdeade2c77745749e301be146df08176633e513a577620dec660aabd51c807015740a4d30c786f779874c0752dfbf1f25e1f389c31e09211f9224f

Download Submit
C:\Users\Admin\Desktop\ConfirmReset.xlsx

Filesize
13KB

MD5
b7bc6f4d27d95d1a99ac1a261fdb3252

SHA1
b7cd91f59ceffc0fee8fad7f9a005699ee7892f3

SHA256
4348bb633897c33fbbe542cd0768ceaca161866e6c523b93224aa40a40190ac7

SHA512
6ca6b527881b969a3cb4d7f9457a47968b463573918c88e5f1de1057503c34d3e438a965706690dcde636aea703cd197b5c9fa5d75a295170a96588030bacf86

Download Submit
C:\Users\Admin\Desktop\ConvertOpen.ps1xml

Filesize
240KB

MD5
7d692d372bcd0e9d3177b691480d0121

SHA1
965ecf489f321a4e3a9d8978e72e69846c306a22

SHA256
a3fee4ffb660e680ff2bc30be7a57bf9949b2ef813f2f4207eae68d5e1504827

SHA512
53cd4aeb88a67df8806eeeb48c90fe541b5422768685789db35dd43f04a9a5719f6e6e0c72d6f1fcdc63b66016b646d541240ffadc89e01a2830d25937497a69

Download Submit
C:\Users\Admin\Desktop\ConvertRestart.001

Filesize
224KB

MD5
6452ebdba897670ec0ded8505bcb50d4

SHA1
fbf2282c75a3fc30575464901a45d9661266e4e3

SHA256
25df6870556277e45ffc1621989c82afbd4bb886d5fd8f4efc6c6be9876a951d

SHA512
38b97675e5b4e35c5edb964d2234535c0a14d8577b306562df5e5de088662eb69c1a15641eba3a6eeeeeb9d7f05f5e47dd428887327f685743413ed64c38e006

Download Submit
C:\Users\Admin\Desktop\DisableSuspend.ex_

Filesize
301KB

MD5
10f1322032ce92f616d833d26b577439

SHA1
b1fd57d82e673a423a2db494bdb0b53c74906ddf

SHA256
faed38954f677d0e1887038645afd3f3f80bf7e1361390138ad65c2c89f3982d

SHA512
d6a0b294550779860129b095ce0d89fe70c5c0272030f10bcb45277d80d488a61ab57d53679f98fe2eef2059b9e51ec21f5b4e60072acabd0c744cacf86de2c7

Download Submit
C:\Users\Admin\Desktop\DisableUnblock.3gpp

Filesize
178KB

MD5
f45d780162e8caaaef5eda1795d4c255

SHA1
8ab2e3a3c03ad9a3e0585c0c9654263512f3d4e5

SHA256
030ce8075919a9586fa9f241c8804cb6391b10f4f5cfa6cb1752d406ee1d8bca

SHA512
5c3646eef67d5834896c3f3b3c858d547d12313e1f95ecd6a1c6ca74a5f072ee57e4df18838013d0d462f382096c8360dd61899ecafb33f3e33eb4fb88620441

Download Submit
C:\Users\Admin\Desktop\ExitPush.xps

Filesize
255KB

MD5
bd23e63f8eef57096b2045c32c56640c

SHA1
e715115d1910fac57ca28b4542598cfdb50e1380

SHA256
fad72ceaf369f9422b50314053dfbff11a9f33ba3e394819f13cd190e7f21450

SHA512
a8e86f6033ac3a6897a54c86cf03a5873438104be583b4e951ede675afd622f824ff03100387e32372ddb7e479fa847663fcb91a4498586c5a59ea836863af96

Download Submit
C:\Users\Admin\Desktop\GrantWatch.emf

Filesize
348KB

MD5
7dc4af0e6ab9b22c486c2ef835a4953d

SHA1
225c362ca0f8bd9353977011e865e9ced7074959

SHA256
b10967f0219733e6553d4f26cbedf3be8c3c8ff93d468dec98d1a9c8c7e5e115

SHA512
d6710af91759d45a63af5bbd4a36f7dbf903a6fd80bc04ab4edac295ea0b1e9a29d2663a6c6ac496222728514a573b541cfd7151b8fc8ed32ef597449f36b407

Download Submit
C:\Users\Admin\Desktop\InstallRestore.txt

Filesize
487KB

MD5
fbba9844e6020770d01818b494cd7181

SHA1
26003e2af56b917a2eb7e76ea046de713c0572ea

SHA256
773d6e5dcde5d9820043a692863983780fb79b0e65c4be1f1fe79ddfaa18f75b

SHA512
d4239bcdd6c6d86b8f743acf31f28b58de7371cd448c03fb7f69f22caa63799ab0d6efceb584c133e0a27593d4567c85ad7f7656b38f581f4acd3a0b5e48a928

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
0a2f2a8b02e5e2a4b386ad03b0a4f0df

SHA1
405819b740870668c200aa590d53822335d6ca64

SHA256
aa56f9e8e85ce691f6ab85ca166d51076716dad78bcaee16c6e7a1b37a77d72a

SHA512
7237d7311e1eedf3a37f60cf72cf29de3e54a05817222899d17307705db33f0f347511245957a9217439fb9311f29deb8b53fbdde74bf3456d30c9ca05e1334b

Download Submit
C:\Users\Admin\Desktop\ReceiveApprove.ppsm

Filesize
332KB

MD5
07a047609f9ccebdfa550c9d869fa03c

SHA1
e1c7e87f8b46e442a02a13964ed80aaaf29708b6

SHA256
d63ff2f96f6e30eb6a50d1187c67dc23f0f45a9ee7947d7d90666f773f8dacd8

SHA512
a6fe0f9f6232fe81aafee12d7a2153f7b12b6fc40bfa47de23b3710767434579d186d117a8dbcda7884e791f05564054f1bea0233b9c20e2d004ab04a0808c6e

Download Submit
C:\Users\Admin\Desktop\ReceiveSelect.jtx

Filesize
472KB

MD5
d85d8467875cbcc438be68506fdeaf6d

SHA1
653c3086c2eb420f5039bcf1c60bf975f08ba60a

SHA256
825571def7e0dd3144b6234af133782de4a2b61e8695bbeb4b3928726a3b1287

SHA512
53ae984403c34fbc34fb7d0e15581d1d97d4e28a34a7d122a603a55df4095d2b248cc7d4706000f3cc3d88f17f223f5098a2f1a8d7740f2cd375bff7272422b0

Download Submit
C:\Users\Admin\Desktop\RegisterInstall.ini

Filesize
286KB

MD5
32f3e38857bd4c3e53cae0867b66a3d8

SHA1
6b510ddac91466c57c5029fa5a150c903828643e

SHA256
3691b53af1f5897bdf64ef2ad3d5b808555727568cad41d886198cddd6ac4ec3

SHA512
5673e1cf243dc082d01e9ae9e7cd8b29d192ba81b3fd44511c5894b2a46fc64290edfd7156699539600230daa2676338efe4f22ac8832f2c4f9cdd50bd7b12ff

Download Submit
C:\Users\Admin\Desktop\RegisterTest.xlsx

Filesize
10KB

MD5
2a1afb6bae2c79b7688cbb360d7dc24a

SHA1
5898906c40b554ad6524a6954f6c4ff141e4bf65

SHA256
d03700c1c14e4bcb338ad6ad108535949d73b8519703fdc189fb73fc09e84ea1

SHA512
58c158fa818af54655cf23a003dd535f6aee7f50d612b4b615ed9ab97aa806f475b6e5af37e22d05807626bfdbb570d33507d2f0f6406f1f68001dc15093e28d

Download Submit
C:\Users\Admin\Desktop\RepairUninstall.vdw

Filesize
441KB

MD5
dd25a35a239b5265e063bfc43f7f7109

SHA1
651cc890245a30c166a27eeef39a48d115c5e0bc

SHA256
19720003d7bb28f9475d0e59c528c0ef5478bdfcca89230a14cd26767556b138

SHA512
a298c0229d3830af2ba80235cb481026423accfa8bb2ef35e6d878539ab4ec6d08ec7cc7b8867cd5e131978f335adc3fa801c9bbc2d218daac7d05588a7fd4af

Download Submit
C:\Users\Admin\Desktop\ResolveFormat.i64

Filesize
363KB

MD5
9526a2b7a3f46ddbeb5ea951f6efb8de

SHA1
a63860e34f83b22dae7bd1ba804b7efb3cfa4ea3

SHA256
178e86b6c00042f67c7181d5b1c626a047563d4f9b22687c95632c11382c1856

SHA512
4202c34f8166b1a1c0f97527b31c53c76f4920b55add4eeff5f3cf0204785a4fb651564698bd06f45ab8a8599d90bee727da67d0b02f202a2d326f40bb41bb1e

Download Submit
C:\Users\Admin\Desktop\RevokeDeny.ico

Filesize
209KB

MD5
7ed2de709bc7151c63c6d7ca8aa0aa16

SHA1
e6e68174e192f9035ff9df92d1164f04ddba6a7c

SHA256
185f0af0d297a4627efd2ed162038e166b065fde1aaff52d25780f3d074e20d6

SHA512
dd028d7576ec81a5f02265eadde47ac007c39f9a4a9852d40b50a1c98865c6279b152f81ed032bf6ca9213f4a7b5c9cd3d61308e04203b7f82ab67efc69d781f

Download Submit
C:\Users\Admin\Desktop\SaveResume.m1v

Filesize
394KB

MD5
8c65b388447ac31d2c02102db8d28ea4

SHA1
2fbef6651602610f4077ba9d2c888f2c5d4286ce

SHA256
d2fb1c1f02169de449e61c5c665cf8d446d42b09031602b0a487b190f837944e

SHA512
6704b9e436934854e7b8c6bd8c80f625319b8b4b315bc3387242674685fab6062fb8199fc2c0ed53ce74c0b1aa2de14d78e57aec5c9c239889cba8c78f00878e

Download Submit
C:\Users\Admin\Desktop\SetNew.html

Filesize
425KB

MD5
9eb2e7f382a547e312021e36bbc90720

SHA1
b1d43abc721cf0bab7b8c9c5d48e305bb25597a5

SHA256
b5bdce57de5820b67dc3b6e6869d617193bd7e4c9167a5e96895e0fbe27516df

SHA512
cca3c34b42d9dac52968ee8bbb0b5f670fdd6a2d858dc7e58cfbb9363ad177eef5247c2efe105af17fa69fca7c9bb090c5135b48b72501fc69dab75f72c136e5

Download Submit
C:\Users\Admin\Desktop\TestConvertTo.M2TS

Filesize
270KB

MD5
0a7ce2e74c2a1dcc886dce645b2e77e1

SHA1
a27244f814be37899064a607a004a8d30425e99b

SHA256
4a6dc9fc6de8ecf69f68b4a576a94b77471727988c814a50bf9e8899bf150263

SHA512
895fc69b6525e87d955c3fc553bd689b7e16e98e23aba656809fda76df9baf70d80b284292f7dafdc6d5502459c2ba7c53a30385c6c8acca2c31145d5ecd174d

Download Submit
C:\Users\Admin\Desktop\TraceAssert.ods

Filesize
697KB

MD5
b047b430819375b40411bcb812682c40

SHA1
54ebe28b4f571dc2089b6264b3c5f70ff49acf5e

SHA256
214dc2cf798bc839f91a8daeb67dd2d8cfa492b5abddf2baf1f2562b1dd04dee

SHA512
1519cef413833ea9b86ee4446bba9d58b6e50df78c23581593ab2e0c927f48887b3764bd935ec283e779d78d9e86235cb7b84698d86d3b2a9631e113d127b9b1

Download Submit
C:\Users\Admin\Desktop\TraceResume.7z

Filesize
193KB

MD5
8485964519be155a9e1c1b93b7afefd6

SHA1
ba0a71bd79b0e207ffb4af1f075701b9117ba4d9

SHA256
9a1edb51f59a41e26c90346ab66934cacdcf7e127d971b8b718edde7b8a4a4d4

SHA512
6ed644b042b50cf90ddc4b074b589b734b8d58e65725538793faab72b2bac92d9142cb0409ffebcca7ae11427d43ceea166cd56aa979841bcc176101a35f08e5

Download Submit
C:\Users\Admin\Desktop\UndoClose.gif

Filesize
317KB

MD5
1dd8380ac050c3a2345f9187bb64092a

SHA1
c50a91ed139638dd461044d0847b9255bf8bfed3

SHA256
d202593c793e8e2485479889200df6584ca7297c69383a57f220917e102abf09

SHA512
f7f91d3a013043379c397f70f7e79890868cc222010e181458bc358fb03e1dbbd41d2b495a184944c2744d09e8f4742b02ee690c0a70aac54931c10e18921bb5

Download Submit
C:\Users\Admin\Desktop\UninstallPush.dotx

Filesize
456KB

MD5
ee2d5879291fe28c094a2439afd828de

SHA1
6cf09190786033be22ded1f2032ca0611ab9bc31

SHA256
d28fd46f5aac7ddd2caa986ed151a975860bd8805cfe95d591eb2b7491ac870f

SHA512
01ad3ab632c925aa9876aeb88229e89e7888af6b210dff9e73e8a7c3ba9027b28c472031e8582d25ac049deccd7e052987c6a3ec66c240858315b29313560b39

Download Submit
C:\Users\Admin\Desktop\UpdateRestore.wav

Filesize
410KB

MD5
c8373e60c87a3350aa65e3da7c9c893c

SHA1
5f2e2d3f5980c8120e90c636104a5b40db5ae553

SHA256
3aababca09f5c6cac3e3ce7e40b0f957d8053318e04e89e560b8f447040b45d6

SHA512
0f23cbd98572c2de8abd8f966ea19fae1c555f81adc1a6fafe15e1d5212dc9f1c50759f8ef795129161bb9efae543cfd9d4b6944ba74f06918db4d3114344a16

Download Submit
C:\Users\Admin\Downloads\Updatev4_4.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1616-306-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1616-309-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1616-308-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download