039004b76a1bc5ac020958256bdcf97f1464398c13b0be2e0d0078f1aee8b3a7

Analysis

max time kernel
20s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/12/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lonelyscreen-win-installer.exe
Size

538KB
MD5

64da00119c76c6e1d75f059ffc4a772d
SHA1

ebaebff7db60430cad107d4efc45654d43f98075
SHA256

039004b76a1bc5ac020958256bdcf97f1464398c13b0be2e0d0078f1aee8b3a7
SHA512

d13544aa2ee6060510c0f906e3f174a4ec40878f36193a99d6c527b62fa6a379115e965e272069b0e3f0479df16e6899a096ede37fb0832262c72d3d24f824f3
SSDEEP

12288:AS3yBV888888888888W88888888888pKfXGU69eTutORzK/AA9i6Zub02O9HtFbl:/3yLKfXG6wZ/D9kqtZaTq

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3256	lonelyscreen-win-installer.tmp
2256	setup.exe
3716	setup.tmp

Loads dropped DLL 1 IoCs

pid	Process
3256	lonelyscreen-win-installer.tmp

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LonelyScreen = "C:\\Program Files (x86)\\LonelyScreen\\lonelyscreen.exe /start_context sys_auto"	setup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\LonelyScreen\LonelyScreen.exe	setup.tmp
File created	C:\Program Files (x86)\LonelyScreen\unins000.dat	setup.tmp
File created	C:\Program Files (x86)\LonelyScreen\is-TSB2U.tmp	setup.tmp
File created	C:\Program Files (x86)\LonelyScreen\is-HA8UD.tmp	setup.tmp
File opened for modification	C:\Program Files (x86)\LonelyScreen\unins000.dat	setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
3912	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lonelyscreen-win-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lonelyscreen-win-installer.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3716	setup.tmp
3716	setup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3716	setup.tmp

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 3256	4392	lonelyscreen-win-installer.exe	84
PID 4392 wrote to memory of 3256	4392	lonelyscreen-win-installer.exe	84
PID 4392 wrote to memory of 3256	4392	lonelyscreen-win-installer.exe	84
PID 3256 wrote to memory of 2256	3256	lonelyscreen-win-installer.tmp	85
PID 3256 wrote to memory of 2256	3256	lonelyscreen-win-installer.tmp	85
PID 3256 wrote to memory of 2256	3256	lonelyscreen-win-installer.tmp	85
PID 2256 wrote to memory of 3716	2256	setup.exe	86
PID 2256 wrote to memory of 3716	2256	setup.exe	86
PID 2256 wrote to memory of 3716	2256	setup.exe	86

C:\Users\Admin\AppData\Local\Temp\lonelyscreen-win-installer.exe
"C:\Users\Admin\AppData\Local\Temp\lonelyscreen-win-installer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Users\Admin\AppData\Local\Temp\is-0V01E.tmp\lonelyscreen-win-installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0V01E.tmp\lonelyscreen-win-installer.tmp" /SL5="$602A4,164153,114176,C:\Users\Admin\AppData\Local\Temp\lonelyscreen-win-installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3256
- - C:\Users\Admin\AppData\Local\Temp\is-43TC6.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-43TC6.tmp\setup.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\is-BVNC1.tmp\setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-BVNC1.tmp\setup.tmp" /SL5="$701EE,7573378,114176,C:\Users\Admin\AppData\Local\Temp\is-43TC6.tmp\setup.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:3716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.lonelyscreen.com/installed.php?version=1.2.16
        5⤵
        
        PID:2456
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xcc,0x108,0x7ff909cc46f8,0x7ff909cc4708,0x7ff909cc4718
        6⤵
        
        PID:3748
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
        6⤵
        
        PID:1988
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
        6⤵
        
        PID:1792
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
        6⤵
        
        PID:676
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
        6⤵
        
        PID:4388
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
        6⤵
        
        PID:3272
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
        6⤵
        
        PID:2704
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
        6⤵
        
        PID:980
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
        6⤵
        
        PID:2608
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
        6⤵
        
        PID:5064
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
        6⤵
        
        PID:3912
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
        6⤵
        
        PID:5216
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
        6⤵
        
        PID:5224
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,5388490295329595002,13569265348676316442,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
        6⤵
        
        PID:5604
- - C:\Windows\SysWOW64\msiexec.exe
    "msiexec.exe" /qn /i C:\Users\Admin\AppData\Local\Temp\is-43TC6.tmp\bonjour.msi
    3⤵
    - Event Triggered Execution: Installer Packages
    PID:3912
- - C:\Program Files (x86)\LonelyScreen\lonelyscreen.exe
    "C:\Program Files (x86)\LonelyScreen\lonelyscreen.exe"
    3⤵
    PID:464

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:1672
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding B9091D8E6BDE074F7D2BFED2BCE8540C
  2⤵
  PID:428
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9EBDE80F1AF05AC9A8079C4CEB96EC2E
  2⤵
  PID:1504
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D12E8A4AEBD9DD7F01E7F77C3D1E0941 E Global\MSI0000
  2⤵
  PID:2668
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"
  2⤵
  PID:3884
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"
  2⤵
  PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Program Files\Bonjour\mDNSResponder.exe
"C:\Program Files\Bonjour\mDNSResponder.exe"
1⤵
PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57f5dc.rbs

Filesize
126KB

MD5
399e18c50afe377358ac6aaea07f201b

SHA1
dc39a87ffbef909d53e272f2b599fcc8c15e4df7

SHA256
98c313557af794a16b67746d21e293c8954f527f228cbc46580e71fa01d82835

SHA512
b60572f3230bdd9500f7fa76e464e79767676855570854cd8d48d5af6a6f3ec138c4c9a9f9e76a30ee3064d79b4262a2a3929dc76fc795d6e0d00a0593f687cf

Download Submit
C:\Program Files (x86)\Bonjour\mDNSResponder.exe

Filesize
381KB

MD5
db5bea73edaf19ac68b2c0fad0f92b1a

SHA1
74bb0197763e386036751bf30c5bbf4c389fa24e

SHA256
10f21999ff6b1d410ebf280f7f27deaca5289739cf12f4293b614b8fc6c88dcc

SHA512
63b718288c266debf3f58ac1a62cdcca6f09350616d53a406271d8f4fe6144751eddf7b7ba2dbfe79cfda671ee5afbdbae5798204edaaf4f0391895b824ae7c5

Download Submit
C:\Program Files (x86)\Bonjour\mdnsNSP.dll

Filesize
118KB

MD5
40947436a70e0034e41123df5a0a7702

SHA1
6c27e1dd1c1533feb6435190a5074300ac2a9822

SHA256
5d40fd92da5ca59c1badb58ad509db6a6d613f18660a9a270a53eca85d34c3a9

SHA512
ba5634cc82f306245f9f0350bfa0b91e2f5ffc6c355b1452a95483f47e6acdb42c4e063f6c15115faf0f0630005df4fe8ef0e01539c270031cbd07a34a929704

Download Submit
C:\Program Files (x86)\LonelyScreen\LonelyScreen.exe

Filesize
22.3MB

MD5
a3ff7e328f41f4a6af82266bfe12036f

SHA1
79f0e44415ffe74b320dfb27c8988d326dc80b2e

SHA256
9f2a9f89adda3003c587e4a9bdf5decf3260beefb135180e44845aee7730f731

SHA512
472625b9ab26e83845a72423722e4b1286dce950597a52e95dff385bb33c1a1e4870755f273c8a02dea0793d04bdad7779cc05c786dff7ed624f5feb46d0a803

Download Submit
C:\Program Files (x86)\LonelyScreen\is-OS6AS.tmp

Filesize
1.1MB

MD5
cc8b164c85cc68a2e6e0d10e452ef68b

SHA1
fed79b50a5f03c0e33071ff849ea19dfdaf3c464

SHA256
20590034969e110c4fba1d065da8ac53dad79f5b8a9bd68780164207a170c749

SHA512
bee540ceb2b1de587872cdb963d2c754ac4ba0f3cac8026c3d7c2882aae0bfeb31babae927361b2ef5484ab2085b4a19914cc99a504aafd3f08c34f9f626699d

Download Submit
C:\Program Files (x86)\LonelyScreen\unins000.dat

Filesize
6KB

MD5
b4220ebd826c632cdc8d3ad8a5a144b4

SHA1
533a1b674d094165e76b73be063cdc7ada726be8

SHA256
c867a898cc0f8367c96e62623561de09baef8c197da986c45ab52ae2dce5a757

SHA512
471057c205841432eceddcfd4a30b168e608bef86e38ba764a6f18d8236220cb718044a59fff89f295967dd9cae9524d11d464d3bd7c5820dc69f023f26ce060

Download Submit
C:\Program Files\Bonjour\mDNSResponder.exe

Filesize
451KB

MD5
ebbcd5dfbb1de70e8f4af8fa59e401fd

SHA1
5ca966b9a5ff4ecd0e139e21b3e30f3ea48e1a88

SHA256
17bffc5df609ce3b2f0cab4bd6c118608c66a3ad86116a47e90b2bb7d8954122

SHA512
2fbfcff6bc25461e7c98aabdae0efb33f2df64140aaf4b2b0c253e34294e1606077ae47b000ebababb3600bd4d9154a945036c58e4e930da445a0dda765ac8a4

Download Submit
C:\Program Files\Bonjour\mdnsNSP.dll

Filesize
129KB

MD5
f9d908de6b166dac9b89bf62fa291ce8

SHA1
938b53238291fc41ae852fdde51eed7a2bff0604

SHA256
d0a918ad60221623bb0278ea94cd6938744617fdbb2054968afafc2940648f02

SHA512
6643a7066974abfd5904df73ed225fd5eed4a84341b12199b6eb9a8a2ad234dba865d50f8ccff8a88002ce4c6ae2131745cf43aac88a3a0a66b596fb0d93e56e

Download Submit
C:\Program Files\Java\jre-1.8\lib\ext\dns_sd.jar

Filesize
16KB

MD5
ca086bb31b598febd7e8d44daf14714a

SHA1
4838808e80df811cfb2bf7faf361b3cbc16f9f81

SHA256
3818abdee5b1d3d77ae4a5ace25a638b2d7d624605f8e8ce14dd6d4c6639c00c

SHA512
54188bf433a0da1b6b8f6f881af6d681a6bb629693191c7ee46f852953529cb94dfa894aca574e1cd7355985ea8d6187e7694c8144ea1db880922676f0dfe0c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
734B

MD5
e192462f281446b5d1500d474fbacc4b

SHA1
5ed0044ac937193b78f9878ad7bac5c9ff7534ff

SHA256
f1ba9f1b63c447682ebf9de956d0da2a027b1b779abef9522d347d3479139a60

SHA512
cc69a761a4e8e1d4bf6585aa8e3e5a7dfed610f540a6d43a288ebb35b16e669874ed5d2b06756ee4f30854f6465c84ee423502fc5b67ee9e7758a2dab41b31d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E73DB4BC7EC7D53DAA55B0E346CCF24

Filesize
504B

MD5
6d7156f568dac461c6b6bb85c568132d

SHA1
748c85211bb93f33ee9fdfa91e768b3c753c3965

SHA256
8d5f5b5b6dafa8e98bf1494d23cfc649dcfe19a7f498c7650a4d6ee4c23e81ef

SHA512
2c9412c11dc2b52bfc640b462e1f6b1e2604ca647021504ff07b64ed72d2df69ac3d2711acba53f502443a2ab3052840a62707809d7bcf722e1646d6c434912d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
cb1ca0a9334dff3dd29ad5d240da020b

SHA1
0288046d031d6046736636115a8ef32e07ce43c0

SHA256
afc22b5b08943c38f2a80244603bf4f55a14068729d61cb894d1fd3f05f6fa1d

SHA512
da09d99e9c33d7ca179ccb229ebd476a39f12ae3cf8e594ebf4c83db7b0a787772cdd844ab0ec70c8062213f0f8ea7e4f8350574b82da11a89ad507462680cd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E73DB4BC7EC7D53DAA55B0E346CCF24

Filesize
546B

MD5
3fa67f1dbbbe44b4fa953d2b11ec8278

SHA1
786baf690bb273dcbdf9071ef7ec555de001f441

SHA256
44870febc9be8efcd55493448050e60d4b85b417c8447d39ced6eef8b3e04062

SHA512
13090d691b2806c3058a560acaaacdfa7f653433606a38f4f314cb3e2b4b9c2e5e44280e352742b9d7439471d6720227cee38692a14817c62fcb21d8e8f304ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
958243c8d1b494fbe238124c3ba5d982

SHA1
aeab22c598b0b5b5408bd045b0869366d666d6a3

SHA256
c1e2d9aaf1a133efbe658ad53531fbaf5270c84212ace11669409d4deeb6b6d4

SHA512
10cd3a5f876cb6eb6ac2f58b08d7e3fd18bc7f1b232218527d668fbd0e2f3a39d71f5d0cf8d36d2d4e0d1b282ada282b305ef6bb3a90eecc3e77691a0c4d07b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
357fd01d6e8ef8c9af5af827f2bd8eed

SHA1
a1e06419df55e49b098b9dad279bbc73a771e81d

SHA256
4cf583a43b6d600cc6749675c49a8c089412370f751f3d0fe17a4ba90dca68f7

SHA512
e00486c4d5c8e396cff47ae6b003af4ecc1f7209af919419a5d8964c3b985fc10c64ea426799667747ae12645a93a79abe7bc9f2d199e442b763955a3e5d39f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8486f88c3939ed6f7707822f017d071d

SHA1
3fadae3f330525d216c4492b18d7f113880199ee

SHA256
6c19f373102657ef6f9409a01e5de96e7322d5ca96e731c7c12b9c40ade9e820

SHA512
932140a0f0b62da891567ce55afa7c88ef06bb4fc70e1c7ec73fd2a67b2ca41dbdd133ca6d09009119cbe9cb0353d9ad533104afe6cb1d8a122b100da4dfe32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
241d5bc506e9500e3cc413506aecf0ec

SHA1
a6927f167d556bae1814846c843a70c1d4fed97f

SHA256
89cc29ae2ec366a52beaab04e758813cf1f35b8d9012c46a3bc7cfaa63e48155

SHA512
5a4ecc322921d814062a5d568b141559899a5d2f9d4442ac17ec62a04d63fc4934de1651f75d0460cf1da5a5424f9cd3a4f8805d57a27ddc074f64ba54153c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1670914cac5688455d6881aedf1291b

SHA1
2d73dbcf1d3b97bc18b8f4d5d6c4a1fa50e9ce0f

SHA256
1dedfc45c0656887999d0595f6d30b68b79fb02234cb6b21379378a9cc734eb0

SHA512
e89e05ef1cd92de93bc97a880e1dc3cbb9ceace9284c1a4f61ba99eb6c584fd93d5a1789acd9b6474cd5ab037372ed8d90d7ceb034856f5f2de9803d9d434624

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0V01E.tmp\lonelyscreen-win-installer.tmp

Filesize
1.1MB

MD5
f120c361b527a9d090782300aa8f1ce5

SHA1
ed82441da0dc7a5695ef96839fc2aea0f0c7e376

SHA256
9209a83ac4b0127081327b6e03960e2a4325dbb31f0bba2b56dfb785583f9825

SHA512
60fc418c4296f67b923e1fff4e6034ed41eeba61604b14d560cfd84e7476b59311c6029aee7ee602d8fdc635107855e5c05dcf6a0137c6ba89db7134e63e5555

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43TC6.tmp\bonjour.msi

Filesize
2.6MB

MD5
8dcf5c9eaacdaf4568220d103f393dea

SHA1
27f68596398b68ba048f95752b4eeb4aa013c23f

SHA256
53be81cc6e2dc95a1041e8f3d8f500fad4259ab20a1aac151b5fc7a64d354a93

SHA512
10f8ffb6fa5e7163f0a83190ddf211479f12e16635389b49ac041eceafd7f04c040d830065adc89b1003f38d8381851c09150a5bc8edced6ecae8ee5ae801088

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43TC6.tmp\isxdl.dll

Filesize
131KB

MD5
16881920cbe9ddb46c3ef29ee405a857

SHA1
0f76cffc2e57cf5c481a8015d203b96638d36ef5

SHA256
59abe5f46020cb56e1079df8dc1145b2033e4b1459ae3d92f637064a6b618bc1

SHA512
f07d1f4133a2ba2bda92fa6f55360fae73e44b97756ee3044f31af5f9e01cda34e7efbb1520c0b5aa2a496edc03ed4fefdc4ad419c1028b1ce6457b69aabeba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43TC6.tmp\setup.exe

Filesize
7.6MB

MD5
7a2f16b1053362d8e8edae5e320dd4d9

SHA1
8cda4387a93287f38d2b48fb109bd54a77bcdcf9

SHA256
d2c7d87fad0c0fa94a4e2acdca4524cda696f2fd0c53ea9ddbe927da839707fa

SHA512
2277ee7ac98560093a652019bf3a2fb18f02718580ef6711532498aaa17b87705266ed83093ffd4cfc73ec608a76359336a1780586679838633ac403bf683bcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L03JG.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Windows\Installer\MSIFA00.tmp

Filesize
75KB

MD5
08c031fa82a09aae1079378669678fe6

SHA1
b109251d2fef08bd446be0c92369e6f11eb67093

SHA256
8764d060558a9d4ef24adb43201d5178033171a649ad497f79ce3b6cc8eda98a

SHA512
d133a7c02ee8e6e4a971ed4a6537c11cb58516a5ac0501672169805f7b97591d7cffd3a72133bd1df4b8d8a4f4965ddf324a83cd9be0d8af15e646a121e2ea4c

Download Submit
C:\Windows\Installer\MSIFB4C.tmp

Filesize
75KB

MD5
6f8e3e4f72620bddc633f0175f47161e

SHA1
53ed75a208cc84f1a065e9e4ece356371cac0341

SHA256
2adf199f6baf245f0b07d31a3a1401d4262c3e6c98b8f10df923ceb2c937291e

SHA512
80187277e78f59b7ea71ed3caa55452e730d93b8c296d5820d470776a428cbb7e7fead87240e811436f85e4d89df2b9f31d6d16658d21abf59395cab7074a869

Download Submit
C:\Windows\SysWOW64\dnssd.dll

Filesize
71KB

MD5
062373995eae5f0eac9eaa9192136bfb

SHA1
b421e274da7d34aba8bf09ec2d3e7b4a01392b84

SHA256
0392d5656bd677c4c5cb74c96e7b85b0867f2535a37950aec7f5c4a1a70d19ae

SHA512
89c01c6c0abb7462a0dff6d9d03141f5dc42d08fcb22e44e532d8a87dd9d8c7db2fc272a1a52a147645e54d0116db94878fedc81f5fe4e5bf7d15292d95b2b88

Download Submit
memory/2256-66-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2256-36-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3256-266-0x0000000000400000-0x0000000000529000-memory.dmp

Filesize
1.2MB

Download
memory/3256-74-0x0000000000400000-0x0000000000529000-memory.dmp

Filesize
1.2MB

Download
memory/3256-27-0x0000000000400000-0x0000000000529000-memory.dmp

Filesize
1.2MB

Download
memory/3256-17-0x0000000000400000-0x0000000000529000-memory.dmp

Filesize
1.2MB

Download
memory/3256-7-0x0000000000400000-0x0000000000529000-memory.dmp

Filesize
1.2MB

Download
memory/3716-41-0x0000000000400000-0x0000000000529000-memory.dmp

Filesize
1.2MB

Download
memory/3716-63-0x0000000000400000-0x0000000000529000-memory.dmp

Filesize
1.2MB

Download
memory/4392-2-0x0000000000401000-0x0000000000410000-memory.dmp

Filesize
60KB

Download
memory/4392-267-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/4392-28-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/4392-1-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download