Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://youtube.com

windows10-ltsc 2021-x64

10

Resubmissions

16-01-2025 16:52

250116-vdsk9azkbz 4

10-01-2025 23:03

250110-21qhqsvjhq 10

03-01-2025 12:00

250103-n6cxyaslgx 6

31-12-2024 13:41

241231-qzejasspft 10

31-12-2024 13:34

241231-qve92avmgm 6

31-12-2024 12:13

241231-pd59fsskgj 10

30-12-2024 19:05

241230-xrwaeatqdn 10

Analysis

  • max time kernel
    257s
  • max time network
    255s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    30-12-2024 19:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://youtube.com

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://youtube.com
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd3c9b46f8,0x7ffd3c9b4708,0x7ffd3c9b4718
      2⤵
        PID:4444
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:4432
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4840
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
          2⤵
            PID:468
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
            2⤵
              PID:4304
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
              2⤵
                PID:4492
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
                2⤵
                  PID:3812
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                  2⤵
                    PID:3676
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5228 /prefetch:8
                    2⤵
                      PID:4412
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5788 /prefetch:8
                      2⤵
                        PID:4144
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
                        2⤵
                          PID:4784
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                          2⤵
                          • Drops file in Program Files directory
                          PID:1080
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7c04e5460,0x7ff7c04e5470,0x7ff7c04e5480
                            3⤵
                              PID:2352
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2492
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
                            2⤵
                              PID:3176
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
                              2⤵
                                PID:1940
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
                                2⤵
                                  PID:5560
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                                  2⤵
                                    PID:5568
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6332 /prefetch:8
                                    2⤵
                                      PID:2420
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
                                      2⤵
                                        PID:6032
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
                                        2⤵
                                          PID:4908
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1956 /prefetch:8
                                          2⤵
                                            PID:3900
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                                            2⤵
                                              PID:5408
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
                                              2⤵
                                                PID:3280
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
                                                2⤵
                                                  PID:232
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7180 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4612
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
                                                  2⤵
                                                    PID:5164
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
                                                    2⤵
                                                      PID:5728
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3076 /prefetch:8
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:2772
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
                                                      2⤵
                                                        PID:5264
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
                                                        2⤵
                                                          PID:4308
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
                                                          2⤵
                                                            PID:3088
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
                                                            2⤵
                                                              PID:5104
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 /prefetch:8
                                                              2⤵
                                                                PID:2152
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2916 /prefetch:8
                                                                2⤵
                                                                • Modifies registry class
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:4716
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
                                                                2⤵
                                                                  PID:5556
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
                                                                  2⤵
                                                                    PID:2276
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
                                                                    2⤵
                                                                      PID:5360
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14692052880473236411,10804553574514858087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
                                                                      2⤵
                                                                        PID:2628
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:932
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:1572
                                                                        • C:\Windows\system32\AUDIODG.EXE
                                                                          C:\Windows\system32\AUDIODG.EXE 0x170 0x2c8
                                                                          1⤵
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:4032
                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                          1⤵
                                                                            PID:2980
                                                                          • C:\Windows\System32\rundll32.exe
                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                            1⤵
                                                                              PID:4660
                                                                            • C:\Program Files\7-Zip\7zG.exe
                                                                              "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\TieLoader\" -spe -an -ai#7zMap5685:78:7zEvent28992
                                                                              1⤵
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:6044
                                                                            • C:\Users\Admin\Downloads\TieLoader\TieLoader.exe
                                                                              "C:\Users\Admin\Downloads\TieLoader\TieLoader.exe"
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Suspicious use of SetThreadContext
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:5804
                                                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                2⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:2324
                                                                            • C:\Users\Admin\Downloads\TieLoader\TieLoader.exe
                                                                              "C:\Users\Admin\Downloads\TieLoader\TieLoader.exe"
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Suspicious use of SetThreadContext
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:1196
                                                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                2⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:3816
                                                                            • C:\Users\Admin\Downloads\TieLoader\TieLoader.exe
                                                                              "C:\Users\Admin\Downloads\TieLoader\TieLoader.exe"
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Suspicious use of SetThreadContext
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:5936
                                                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                2⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:4448
                                                                            • C:\Users\Admin\Downloads\TieLoader\TieLoader.exe
                                                                              "C:\Users\Admin\Downloads\TieLoader\TieLoader.exe"
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Suspicious use of SetThreadContext
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:2052
                                                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                2⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:668
                                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TieLoader\log.txt
                                                                              1⤵
                                                                              • Opens file in notepad (likely ransom note)
                                                                              PID:4824

                                                                            Network

                                                                            MITRE ATT&CK Enterprise v15

                                                                            Replay Monitor

                                                                            Loading Replay Monitor...

                                                                            Downloads

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                              Filesize

                                                                              152B

                                                                              MD5

                                                                              b03d78ec6b6f6bfc8ce2f6e81cd88647

                                                                              SHA1

                                                                              014cb7dc4aa1bc5d2cb4ec25ec58470baf5b6741

                                                                              SHA256

                                                                              983928a84fcf0791614cc3d17d92d62ffbed0bf0f141d7544d0cc762977a3905

                                                                              SHA512

                                                                              4699916bdfa5776d72ad2643fad072a7a19783900608290bd1246a19624d61b58a1d80eceb74215b7198aaf04c526fa8703d38f3c5fdcc1add19b87508685ce0

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                              Filesize

                                                                              152B

                                                                              MD5

                                                                              95ba0df0c4c417ae5a52c277e5f43b64

                                                                              SHA1

                                                                              7c3bf3447551678f742cc311cd4cf7b2a99ab3be

                                                                              SHA256

                                                                              fdaa82c65558793b81117a66acd5645d4072f6b71f164ed2717a17cab6e727ea

                                                                              SHA512

                                                                              fcb35a1949664f218ae40c25fd6eaefc4ba6417034a522f0800c50ee78e530c33080faa73ff9ea82f35749d404d6b9c94fc7e8e224689503e699a5ec2b0d5abb

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                              Filesize

                                                                              152B

                                                                              MD5

                                                                              8744dd6f0b750431cb882d4cc3f29661

                                                                              SHA1

                                                                              5985ca2812295a631d572af10ae836a5fbac9077

                                                                              SHA256

                                                                              c203906d7c794789b7aa24521ff6645aa15d3cf789370c08ce80a04cc0644359

                                                                              SHA512

                                                                              b957f36bcb438d669fba407150a81dc5d6da48930931ec03caefca8bc0cb666448582bbf5b80abaa97358bc183fc1aba82818983b2ed9ccde16911cc7c5b5ab0

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                                                              Filesize

                                                                              139KB

                                                                              MD5

                                                                              172fb65f46f228f67fffa25ff6e5ad9c

                                                                              SHA1

                                                                              25233d0153dd248efa9bce46ed427c68507cc3dd

                                                                              SHA256

                                                                              9cd88e83ae3d9ce6c3c7533295533b9205d78c153dd69bf9dc6a50afdb1b5834

                                                                              SHA512

                                                                              1d126c316f4d47a6340b96a09c9d2cb285fcb6ed75a4751e6fc9c816aa83a311a2b1620de1f1392452fa5db9ab07e123f9f0078d5ef6d3da2157c3f8a8c0f908

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
                                                                              Filesize

                                                                              215KB

                                                                              MD5

                                                                              d79b35ccf8e6af6714eb612714349097

                                                                              SHA1

                                                                              eb3ccc9ed29830df42f3fd129951cb8b791aaf98

                                                                              SHA256

                                                                              c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

                                                                              SHA512

                                                                              f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
                                                                              Filesize

                                                                              20KB

                                                                              MD5

                                                                              87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                              SHA1

                                                                              eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                              SHA256

                                                                              e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                              SHA512

                                                                              37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              48B

                                                                              MD5

                                                                              31fae1abc1f0933a798cf13b244fdef6

                                                                              SHA1

                                                                              cbd2ba1475a145850d5cc6ff8d01466f5673f7d0

                                                                              SHA256

                                                                              d8e6b0ac454d71becc0142ea77c8c8833ab6b12da1fff2c26fcc207f74690992

                                                                              SHA512

                                                                              5c567cfb7d4af605df19a690e9cb5ab29ad93d2fb5e8b0d03a56e004a948acefee88400aa69bf707428caa96f2c364be40943222316b32cecff9130424a7abef

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              4KB

                                                                              MD5

                                                                              0e6cab46dc0011bfe0db4ccba7be9ad2

                                                                              SHA1

                                                                              60faced9aa30f5385d53f02a4f3cb040179b85a1

                                                                              SHA256

                                                                              0f1c897d73a4cfe1a4ffdf6940186a01feb88a2aa265cdf2bcbfc45716151847

                                                                              SHA512

                                                                              2491a5bed35dce2befda489822b651a61aa18b42740336448fe8d2a22f215acef99edaa08c6a85bc044f87eb13e289bd58f5e0de1a0fa8579e65c7781dbedc54

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              456B

                                                                              MD5

                                                                              ff8c143b6eab012029693b387ca1cc9a

                                                                              SHA1

                                                                              6a6640f5c1d03c552d25eb2329e2a9dabd0e7b0a

                                                                              SHA256

                                                                              e4e6b6e084f66f29099afe54f0948812f55f667595e5004a68a7e0cc13ab09e1

                                                                              SHA512

                                                                              3077fdf046cf7696120512d0027bcf399274bbce1af32bc9bd0ff885a15018b05df324cc3b4991bc9a1171ade66cad95018b1ae60b451d86eda5ddc07df60369

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              214a7bd08c8ea974d44c3322b666acc9

                                                                              SHA1

                                                                              9261383f6812bc6c013b51bd9837430edf859bd7

                                                                              SHA256

                                                                              c54989f1a74dc6966cea6e8b7444ae56aa85494597d5e8d5e03e1ca6e4d41c1b

                                                                              SHA512

                                                                              a5555c1d99377e74ce6de1142cf1dbe17b1e46107cabc85722345f4d55bd56bdc5561e01ea539e83f2ed2c3914ef4e0541e0814c75a4863f7bb036092f58403c

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              346c8576df378cb16df7feaee6172041

                                                                              SHA1

                                                                              8780d2e2adc2e6f98ecf29bb7869c8d176c97610

                                                                              SHA256

                                                                              be8f571169c5d0789c29bda8ae4a404c9002d55f04d14db4910a02e3deb49b1b

                                                                              SHA512

                                                                              8515741da7f08576b3844a655cb465f53201bf8320931798d38302b3eb5e2b3f4df0b3641b42b301bdef944b7954126377bac4e1f2263c5cc491267ac24f023e

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              4KB

                                                                              MD5

                                                                              ad9fdd9517479735e798ba38c246eeae

                                                                              SHA1

                                                                              4046eecadc058dd73ee1df141a2050fa348e4e6a

                                                                              SHA256

                                                                              34d670875a0f0bcb28b18c4c1f98d4de5ca0e5f43e80c9db06e7f7ca63f07b1c

                                                                              SHA512

                                                                              1354314bd69cae590f6065d78d052f6463e75c81d21d7bf39b870455aa1614a08cedf27ea1ee0a00e6a0c2d172dcaeaa1bedec4c449bab2f500a56d3b8d8b701

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              92d661ec96e14f462e0d06e6f45e3acd

                                                                              SHA1

                                                                              e8496f0ee3ff51291da5023afe24f7a8989e9f17

                                                                              SHA256

                                                                              352782a14454fa21aba36ed7ab58eb469e34db29d52007b13dc852ccb163d0c3

                                                                              SHA512

                                                                              4b0c229a28af5ed3df065c520b161814de0d30120303f18dc8551003bbfa4be729491e3822314f3fad216500761e36df1165c80cbbe7a4afefa0863c04838391

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                                              Filesize

                                                                              70KB

                                                                              MD5

                                                                              e5e3377341056643b0494b6842c0b544

                                                                              SHA1

                                                                              d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                                              SHA256

                                                                              e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                                              SHA512

                                                                              83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              b622e3888c04577cde6c3157ee99ae8e

                                                                              SHA1

                                                                              54d93869f5a8270b418d12a0653e8afe2f76b818

                                                                              SHA256

                                                                              9269c04836eb36d405f99ddea693e126eb7d1dcdc741e5a46938be755a64a165

                                                                              SHA512

                                                                              b018a48abb3701e4d61a4b2b317944f7e960627a91abd4a11de0af28d335fc54aaeb4ba94ce5fda8bf44f2481149aa95cad2127416b731085e457dfecb8c4791

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              7KB

                                                                              MD5

                                                                              9ecbcb7c1590716a04a5cc253bc7f0e6

                                                                              SHA1

                                                                              3a447c276d77bec3b37f3fea07d99630c190edd1

                                                                              SHA256

                                                                              e1f6af155bf8864b9d937a5cef8f120d587c4464e1dc092a879005088dab0615

                                                                              SHA512

                                                                              d3fe166a78e6e63504788c42982a3530fea534a143ee279e8720b6e57c186f0fa276df5cb499adab0a6e459f8c2f3f5bbf1e4ec0e4e49f7f6f13cecd809f4898

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              7KB

                                                                              MD5

                                                                              c1b59c1a163fff865f8ab9c0a5736bcd

                                                                              SHA1

                                                                              5c73bfeaaed6d11e638b44c5b81528bfa905bd30

                                                                              SHA256

                                                                              79b6283efd5f3e0eeff27af65d701bc3ef8ef9df2876c3f108db25c4c0c47e75

                                                                              SHA512

                                                                              6b112df9a780fde503c10532f3cc8a22eafc97ab13602104fb2675d0bda7b1ffaad2b43f45154bae56ed5d2c68d2fca33003b027169e2b6ae8b726d5e495ee46

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe587421.TMP
                                                                              Filesize

                                                                              59B

                                                                              MD5

                                                                              2800881c775077e1c4b6e06bf4676de4

                                                                              SHA1

                                                                              2873631068c8b3b9495638c865915be822442c8b

                                                                              SHA256

                                                                              226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                              SHA512

                                                                              e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              6c93b87d047106bc4a83e7ad4aa6e969

                                                                              SHA1

                                                                              d0228135dfe9d74f3777887f4169e13bb173d6c0

                                                                              SHA256

                                                                              4233746bb39a2af24b93d5b0a143ecce14e587a975fad1e876839e6561199027

                                                                              SHA512

                                                                              12af4d03ea1f4bbce79baee7c6553b03199392c7d7c9c57f3ca10f783be37102905be3f8d306099ef2a259a329cfbafb0317a103791a22b92c047a663d0b371f

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              b61da3c8b4578a9a67f46776908a6523

                                                                              SHA1

                                                                              fe3e9c2938cd70ae89ce7f1e6ad19d7cbe836635

                                                                              SHA256

                                                                              df6150ca0669edc285a311961dcae132273b872eea6915524c397c2add25b58d

                                                                              SHA512

                                                                              d84db78f668ba09b06b16c919e37a36a6523b5f6b8feb3f97c2ae17375321752198ed921271f44587847ee6f1a6a1b56c6ddb330c1f9a34ad80a6395cac74b81

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              794dc00b2980f93f4c86679d0d6ec775

                                                                              SHA1

                                                                              355916cf39a75cf01a65d8a3c2ae23990fab4398

                                                                              SHA256

                                                                              fb094af480003093e944148a5f3a2b585b8529180201dce15085a7b8a646a830

                                                                              SHA512

                                                                              56d9829079001ca70a0d66f2358fbf66371794d9b288b76a2cbc82f7de4878ee22eed330d6bd1bb1f99f591f3a2f7f17e3664619401d3db2ddaaf41015d2f151

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              6ab200f7e7d326e3dcfa4e3098932fbf

                                                                              SHA1

                                                                              6fecaaf3b9c49d202ed7b35ce9ddad5e5abd1b96

                                                                              SHA256

                                                                              a7f5b56226e70e818272e9fb3c90421dddc7abf2ba4a17f4c7fcd0e1e5040ad4

                                                                              SHA512

                                                                              fb82d39bcd7e3243b2a6de39dc278a30f70546c79357e8cea6930df890db03c6899a379c560b45f9eaeea834a9a24b84156cc75e563faca0808f2d0b9b8aed0a

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              b9d3378dea0d2aae7db6ddd8b0681177

                                                                              SHA1

                                                                              d8b45ec7a760658b10b887db392536135170f896

                                                                              SHA256

                                                                              3068a8731e520efbd4b2786c63bf8e37c5bd28b3604a0438bca2a20a2d479080

                                                                              SHA512

                                                                              ee52e1ffec9db42b8abe04566f1f4ed7009aa1f87295b920adea1570a02c4fd306793abb59708e1bac6c58a27ac57f14892fcfef01530095094ec77c497340a5

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              8KB

                                                                              MD5

                                                                              5d8a9e2bd1dbb1a36bc529c0dba0e97e

                                                                              SHA1

                                                                              4dd6b541218b3359c8ba86ad9ca1023273f49990

                                                                              SHA256

                                                                              faebecf62eed6730565c1a988e35ed84b684bbea0819421997470c936205d8a2

                                                                              SHA512

                                                                              d8d740085790f24e09b0b7ad33a7ef10b452cf37da7cdd331b161c35ede81ca61606d37ba283a0e157b24093a6b4576e73ed37f3562a0f7f2efcc0fc4d64c573

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              10KB

                                                                              MD5

                                                                              33d386dc5300b13f3fa647478e49f5ee

                                                                              SHA1

                                                                              a59cbf96166eabcf3d3faaa234439db0d50efb86

                                                                              SHA256

                                                                              c7f0d2fc856a322c286542fea20e012476720af2003cd4d77c326d777bcaaf8f

                                                                              SHA512

                                                                              68dc54ae922b6be94ccc31eda811cadcb1025699fabc0eb76f210a29ad577707e228ab762d8fb07703ddf4d8efad119302b343989372e257681b16c67c65c89f

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              b394910fe6c615470afc338cd05de79e

                                                                              SHA1

                                                                              b92b2ff0d528906d1b5e6ad6a378144f7aaf3216

                                                                              SHA256

                                                                              3ef378a29c5466bdec2e023465898fb681ca26e3503c9b11e9fb3435fe648bc4

                                                                              SHA512

                                                                              dcb57301064cbe5975a538864903d9bc38a101b6a79dbd4d31a14917c294c7bd8f2de1f52373bff57959f0cf30edce23fb2c8e86fe91e57d18a84c9dcf26932d

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                              Filesize

                                                                              24KB

                                                                              MD5

                                                                              0493f44576fd7d9b6216b7387a26543e

                                                                              SHA1

                                                                              47d35c7f2990ec4668ecf1c01e0e5f623153a3f3

                                                                              SHA256

                                                                              0679b6900e2118e17164159f449fdc1f6bf20c0cc0b056cc9aedfae42a830ca8

                                                                              SHA512

                                                                              a519962ffb281d471bcf63c0bf75bed19d4eeac591cf6bf8565af14dde1d57fe8cabfc05bec52b2087ce8c6f637dbefb438ce22054895dc116b31bffa18e9cd3

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                              Filesize

                                                                              24KB

                                                                              MD5

                                                                              1cc3bc2b1c52831cc0b972d856888e8c

                                                                              SHA1

                                                                              9ffa8cf55aa29f6cbdd5ec39b1b33938b29e9990

                                                                              SHA256

                                                                              a8f894b23c518e04d94f1bb51343443de8121366171d2f05441283dbb1cfdd2c

                                                                              SHA512

                                                                              85bd6789da57c911f9cc35929ab302829614a4f03b3de30e28ab16558279ed02200a7db802c9bcd6b2e5886ea3c323d6a39eb8c3ee309d8b5702be65dab7c3dd

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bca47590-b677-4af7-b117-a2e9a81e7bb1\index-dir\temp-index
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              a28de64e582f31dd946a1961b183741a

                                                                              SHA1

                                                                              6cb2ad708e47b13c5a2d57569c85a4481a1ed381

                                                                              SHA256

                                                                              5b1d68af5b2afd809c8295cda46ad5f58b461c1e95207b7ac11a6924a291bcf5

                                                                              SHA512

                                                                              33448975e2aa854159d1f7369e4465ef6845700f7203257383816e1a19711984c61a0ec9f4dfcb89d7de688de434407d2f273d25db30422dd9be240a62dd4fb5

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bca47590-b677-4af7-b117-a2e9a81e7bb1\index-dir\the-real-index
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              0bf3c94129a9bff15af37fca35aab1c5

                                                                              SHA1

                                                                              bea30c04969f23f32f1710a8ea8bc111c0f6a01a

                                                                              SHA256

                                                                              56a1fe0e4127525c8d606ec57076cb22dcec283978c6545d46e3018b789f7b2c

                                                                              SHA512

                                                                              4c14ec734e4ccf8e92ec3ca4a528a7135a80cfc72910c75a8512a7089a6596063d4a7f54905485254cbf9d8dc74f25c8118fb06199b52a007926548671092fe7

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bca47590-b677-4af7-b117-a2e9a81e7bb1\index-dir\the-real-index~RFe57bf77.TMP
                                                                              Filesize

                                                                              48B

                                                                              MD5

                                                                              85139a7a6158c4baa85066492a056976

                                                                              SHA1

                                                                              894c4e2caa4d5c918622e7a7ecca2dbcd6a3f0b2

                                                                              SHA256

                                                                              a25f8fb8aa4ad66f8070249403e7dd0b2e571e69a28c5c47ba93858d535bde4e

                                                                              SHA512

                                                                              b235ecd63ddaea63cf64319676fdd048f495b2aed82db09c77abc12c489dd9b3941fcb3163e5646da801e805a1c81d720b204aef85a46b791856f349a8fe6544

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                              Filesize

                                                                              89B

                                                                              MD5

                                                                              0a585ba98ffe3413502dfb0ebb5dc420

                                                                              SHA1

                                                                              22f300cb1937e3711d07cc5612d4d77770182f68

                                                                              SHA256

                                                                              64990db4681ca5b1db02e80b03c9ad76439b8787e5cfbfbd8f3b11a11d39f6b2

                                                                              SHA512

                                                                              d1e57d8b6600f508dbad7da55dd9ca0d23cf15e25914296748e5c4aff85847564d44b22c76a1dc22ada63174121deb32e18cc907f390b4f6a81f555d11f5fc4c

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                              Filesize

                                                                              146B

                                                                              MD5

                                                                              cdc60fea901417b13bc20d4e597ea93f

                                                                              SHA1

                                                                              261ed62812b85a6b3a5f969a871bd71014f2ef38

                                                                              SHA256

                                                                              e0cddcdf1a680d82928b6e4e8a21a716a0696a25c1358c5ce6f9a7fe358339cf

                                                                              SHA512

                                                                              93ab9eb122f4a0acbc0d089c0d0373553b9309d8e6a53ddad7bc8bab1b794d3166d907d28c62b1ae6e1b3523d94bf2aafb81290211d2220219979843d537b5e7

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                              Filesize

                                                                              82B

                                                                              MD5

                                                                              8b7fdbe7d41053ff74fd0f240e847f0f

                                                                              SHA1

                                                                              2b2d4cca0e3782d2bb6d3254af0ba7d51a4ed1fd

                                                                              SHA256

                                                                              e75e620913adc643b66bb3d6ee38781dff81afaf0b98c4d67b9b085a3430b04e

                                                                              SHA512

                                                                              65bf1bba6d789352b8964dae5049bde544b1f7dced6fe9cd97d9aea3c502bd6b345e0ad832f11cca71d416629cb0cfb3f01f094c06c729ed04aa2fb7c316a8bd

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                              Filesize

                                                                              84B

                                                                              MD5

                                                                              306734005f42683bdbca7cbcc9c0f79f

                                                                              SHA1

                                                                              e3a48fa5185d40f63746d4f16dddacf80b3d9cf9

                                                                              SHA256

                                                                              cde789e5034695560e45f9a3a8a533dc586369445371a46d9b46e1f5216ba8ed

                                                                              SHA512

                                                                              4e1d93ac0fb256a1b764bba788ff894bb72c0932c3e521f7bd476bdb837279e043d5e4ef435264dcfc688d0b43e4574926bc162d01168a9f426afed435e304e4

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
                                                                              Filesize

                                                                              84B

                                                                              MD5

                                                                              caf233af92585528f00e298c78e9bae2

                                                                              SHA1

                                                                              b998d78668ab8edafb911cfb21dabdd9ed2f09c9

                                                                              SHA256

                                                                              37d9117db18ce005477bf699b53312b5e470a3e124a86c08ba0e9fbd58f8b4f6

                                                                              SHA512

                                                                              81ab3a310214d64973943ca350829997cd49a2c678a5e6beed9dde435bc6245481668b5203abf9e2b3a6ad4d9964d3331190b5a7306535a12b3bd264051a2d0e

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                              Filesize

                                                                              72B

                                                                              MD5

                                                                              2c0a869c7fd6706fa5ec00cc4747540d

                                                                              SHA1

                                                                              1015d92c2a33efb1fcf6347b346ecb265ded7bab

                                                                              SHA256

                                                                              c9924d18d66da4192000c7accc67a1547a98a4ea9e550ff462529bda95035da2

                                                                              SHA512

                                                                              78584602745504f7737fe8d34a4c29403c0b26d38683bb02f59c80d311c1a6c4bd1c73bf4240bd81fe8f487663afaed4274631aa7bb65fd4b17d2de68d9c4e85

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                              Filesize

                                                                              96B

                                                                              MD5

                                                                              68f4bb9cecc22ef7cc67f9b7902f8f60

                                                                              SHA1

                                                                              638a34666369825240212b9f4afe85476861188c

                                                                              SHA256

                                                                              314744872460f0376ef827df2de7e575e594433883fd5797f7590c98858796bf

                                                                              SHA512

                                                                              065d6e4214f384ad745334fecec5ac9f06c17c5e7f6de61365925e3c76d861542849f39bde60156bbf7f33cff4cf8400ca546b7c0fda64f17ccf547a6eb583e0

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b853.TMP
                                                                              Filesize

                                                                              48B

                                                                              MD5

                                                                              3f6151b5665ab6db0b8e50ab92851cc0

                                                                              SHA1

                                                                              0b5ffae45f115a43eca91119214e865e527db2e9

                                                                              SHA256

                                                                              4a97ab703bb6ef70bfcaba4ea141ba1de1381463c9c040cb40dce205879e5055

                                                                              SHA512

                                                                              34e9cde0824f3f9e3fadfae467b07fcac59f544ee504fcd238cd280284d4d372d5947e17b9c36f750742d6fc6b52b2fc602f36dbd9581e98b91190f3972bc238

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              ebb3ccbf045fbc483c79498ba7f51d54

                                                                              SHA1

                                                                              613e78b9d6dcb810a6d665816f0c61f093c67487

                                                                              SHA256

                                                                              d29fa38ca3ff6d0fbe219941ebd6a87a35620df8eff22a5c360a21957334388e

                                                                              SHA512

                                                                              0f1fec6c40b7a9e0ea8c585b84fc0f7cdfa976c826730488cec2a33a9106ca115563cdbabc2b2a09cabdb13ad7ebbcb4c94f4bd94bc503f07ae098903f23d78f

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              52e6b84acc77a828b954275ab39cfaeb

                                                                              SHA1

                                                                              5ec450be972bc1cc7d71028983b5e5adc92fe868

                                                                              SHA256

                                                                              bc236e37929c6969f60f5f879eb729d9095c21862d58e69adc39798fb9d235fc

                                                                              SHA512

                                                                              0376b843db5d01decf13191bf1bdb6aa0f0ec0f0b96de2d29cd5370aa9e477984bd753a40b66ce41c548d6883584ade32880c6e71eb85e72d5745aa4e5c58501

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              704B

                                                                              MD5

                                                                              345ef262b1f621d6ac2f5c879561308c

                                                                              SHA1

                                                                              e7c88e2e1330a8545f452ca9ae1583f43003523a

                                                                              SHA256

                                                                              cd9711563f8ad484063b234d805868c314a477e514a5aa25aba907e0385e25f1

                                                                              SHA512

                                                                              5fb035386c8a0ad316d6618369eab74c44dad2fc9c31c0a7974e9cb6d5386ca97f6b15c556c42932dff2c1d7af60c674716d485a3e8a6a642b81fbe644ddbebb

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5821cb.TMP
                                                                              Filesize

                                                                              704B

                                                                              MD5

                                                                              0e2bab7e3c05200d56a525a7568b7af8

                                                                              SHA1

                                                                              ae6c1126e2d6dda5c8f3a6fa052af9a2a2a800ae

                                                                              SHA256

                                                                              b5a0601f5d0f4b4fd1ca5a9227176f94fcfa5bf792f59587a255aa2583c048db

                                                                              SHA512

                                                                              6a3772d3c66a9658ca029cf66b12f9e39b8ad4c2c7f72d70bb0c348c65818c515bfacc2604d2a8713ff9e8836bff766745d7f62f69d46d5bacbf82dc9addd1af

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a1a5490b-5cd2-45c2-8cc5-912aa18b4128.tmp
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              29def37dd81ad2234e981289318751d3

                                                                              SHA1

                                                                              07bf6fd24c7dcbee940f8a4bacd6a68703a54ff1

                                                                              SHA256

                                                                              f5479465798fa688f7462b32e22af141fd7231452ffd936cb857ca341da59b58

                                                                              SHA512

                                                                              71645e9fe521579b13c1946321105c3b352045b8022ad1bcebedc35f108e82bf7ee8002c01a01c5d4b75300f4f75f583324c6b08777d0aafe5705e9d65d0fd7f

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                              Filesize

                                                                              16B

                                                                              MD5

                                                                              206702161f94c5cd39fadd03f4014d98

                                                                              SHA1

                                                                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                              SHA256

                                                                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                              SHA512

                                                                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                                                                              Filesize

                                                                              16B

                                                                              MD5

                                                                              46295cac801e5d4857d09837238a6394

                                                                              SHA1

                                                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                              SHA256

                                                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                              SHA512

                                                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
                                                                              Filesize

                                                                              41B

                                                                              MD5

                                                                              5af87dfd673ba2115e2fcf5cfdb727ab

                                                                              SHA1

                                                                              d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                              SHA256

                                                                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                              SHA512

                                                                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              8KB

                                                                              MD5

                                                                              a92f24bd1ec41c2d6c5f99ca3f2ae0a2

                                                                              SHA1

                                                                              551ae4f96f74323d4827bd3bd775ae7edec546f7

                                                                              SHA256

                                                                              a8a76e84232189a357f658b981027bae0630b1da7cfe9af8407f11aff3e86bf6

                                                                              SHA512

                                                                              e0e38ace0749b3f596b31957fa59b047dcc58ad91baf7eac14c9fbb72749e6f35beaeaab57486b12d31ccd974bf3d3cb80174e9e2ebfd3e25eb21f795f37410c

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              cbdfa342d8309d51b2e86e3cfbe876ea

                                                                              SHA1

                                                                              b0e9d6ceef7c4931c3e39db0dae5cb3439679389

                                                                              SHA256

                                                                              dfec2b61e4cdc42228575df84111a9371e0b6bc416acf289d910e666aba33c45

                                                                              SHA512

                                                                              e5b8a70e79f533e183b6e18d2deeccd551d9cef55ebcaf2b33c50b00f2c795c2af1a5e4c3f2d8bdb3952a7c560ff8c7cc93c47fd303e00f1c520b198919efb49

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              12e9aa1d37450042bb43ec9c7f154e33

                                                                              SHA1

                                                                              f74bae4290b10df758ab2080e0beca3ec277fd1c

                                                                              SHA256

                                                                              17230b8e340a30e27ccb6c228b7ecfbc5e37e3e1e68fc9f23771c9c0cfbfc1e9

                                                                              SHA512

                                                                              f22c76f001424ab0723bfd72311daff6c0651846402a0e0e217ae31099d12cb7562a178b1a417843a73b17e23e90973fdf609252a58bee34e1013f9af252c5f2

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              d706fd2d00200963bdb6e4c9d732c0f8

                                                                              SHA1

                                                                              c910b56f04af9c54f2b752aef30ab4457d6275e1

                                                                              SHA256

                                                                              e7c4b117ad2846a2880e11c257bd53a9433394a8f7e69cbd157ff479a3ed2484

                                                                              SHA512

                                                                              68c97382c0b7ab3f0e777c009f97810121c3965a6bd8832131da0f8bc68ba1c9e7153cfdab732fe4e05f6b093f1904bf76c51c4a5aa148091e8d7b6a966a21d7

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                              Filesize

                                                                              2B

                                                                              MD5

                                                                              f3b25701fe362ec84616a93a45ce9998

                                                                              SHA1

                                                                              d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                              SHA256

                                                                              b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                              SHA512

                                                                              98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              8bdc8a4126e7492178cee75944b302b5

                                                                              SHA1

                                                                              92dcdf4103225e89c01758c8054571db4d4a07cf

                                                                              SHA256

                                                                              2531c27800d386bf07c6f8ed1fc505006b8ea40a1892a08e0183d5b70003b2ec

                                                                              SHA512

                                                                              10af756185ab58036ea9d3b1293c627fd0d2ed2fdeea95d7df8fbee0cef75f995f0f195d7827b01158fae129c517de92bd1303b26cec8b19f79e31563398b99d

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              3dba69e2aad8250ef5e55297ed782295

                                                                              SHA1

                                                                              696063101e101d14837d970ea8ba0986e8dc70bb

                                                                              SHA256

                                                                              54bad4b5659b8430b0aab09efe7b7417f59313d06f5ac7b66003a1e7c0f0bcc1

                                                                              SHA512

                                                                              0825b5e8e02dc57e68ec02008d58ae48456c91c2e78f2ad259649496125491a8201e03b9bd51f0c10d4e244d1b75d255f6af2fd0e5a633a7be07e43a520f3417

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\gdi.dll
                                                                              Filesize

                                                                              400KB

                                                                              MD5

                                                                              f42146f937315414067fc3d7d7a71111

                                                                              SHA1

                                                                              c77cfb8c9baf940edf4a1a4f4e21182835560a2e

                                                                              SHA256

                                                                              bf370658cf47f40a16b135ec0428f8a38d1672063f041a1c896a9ebf58fe06a6

                                                                              SHA512

                                                                              8f3f08cd27c5cb8d51d37f2bcb56e43c7d270cf093645a90ef8b7c85f779380b6dc0b010f65ae1940054db92b0d360c8a41aed179c647378d14ef571679ee683

                                                                              Download Submit

                                                                            • C:\Users\Admin\Downloads\TieLoader.7z
                                                                              Filesize

                                                                              38.5MB

                                                                              MD5

                                                                              f67cb31f503a17c6ffe0574ceb8d3cc8

                                                                              SHA1

                                                                              295fd2c6108ab894688a70fa0c9120682c121e70

                                                                              SHA256

                                                                              dfddc6412cb7d158425595e55883b3d8d8024014c9319987b808a27e924b0f4f

                                                                              SHA512

                                                                              53d745930aa8c0caa54012adca27b34a40c037a36bbb45ba8b1de91f11cbb67d33c79b9f207d9c481856df2ff05b9674760d99df18a98e0d7c47bbc165b6d99f

                                                                              Download Submit

                                                                            • C:\Users\Admin\Downloads\TieLoader\TieLoader.exe
                                                                              Filesize

                                                                              33.3MB

                                                                              MD5

                                                                              2aa217540050764de32dc1c775bef856

                                                                              SHA1

                                                                              743b84a1b500e9ba00fdb38fab4d1f7f339da396

                                                                              SHA256

                                                                              dedcc701239ebb01d83a18302291c92397536c26aeb42dae61034c561467364b

                                                                              SHA512

                                                                              5994a44ba2f3dfc88d81d7d82fde4223b99fd8c14e8cbc1b4a4e6ac1db5ae450636437d68ae160f4484a70e1d03af7201ebc45540e42aab6111d2dc3da6a27c3

                                                                              Download Submit

                                                                            • C:\Users\Admin\Downloads\TieLoader\WindowsManager.dll
                                                                              Filesize

                                                                              400KB

                                                                              MD5

                                                                              6ac5041dde2481a0afe693eb42bc9b0e

                                                                              SHA1

                                                                              a0df99e39322e6f77a423fa4fbd901fd68a316d3

                                                                              SHA256

                                                                              4b5d13505e2ef5617e766e5545b40ca407fb27ad3f0eba56ea96e993a68d9f11

                                                                              SHA512

                                                                              ffcf21542b3aaf090414a540a6a38ee682b5e2acc589a5b72362d866f5b4b4e61349d1af02d3e7ce6187ebfc68c90f40a01335f5e4af1a09ca6776ebce4e674b

                                                                              Download Submit

                                                                            • C:\Users\Admin\Downloads\TieLoader\log.txt
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              78b6fb2587f3392e59cc248aded7f7e0

                                                                              SHA1

                                                                              c235fa1d461b344c24637b04b364b17b8ad486b9

                                                                              SHA256

                                                                              129897b7712c78d0505b22e438bd6c1ad0850609608cef092d3c4d54834b78a5

                                                                              SHA512

                                                                              5a1b3bfdb0f250cc4caef8481190f311f2f98b625285619bc4f06abf5bef4f784741145441291691b2dbb69ab9b8b3a4666bfe7fba20246e15080ffcf226888d

                                                                              Download Submit

                                                                            • memory/668-1284-0x0000000000AF0000-0x0000000000B54000-memory.dmp

                                                                              Filesize

                                                                              400KB

                                                                              Download

                                                                            • memory/668-1287-0x0000000000AF0000-0x0000000000B54000-memory.dmp

                                                                              Filesize

                                                                              400KB

                                                                              Download

                                                                            • memory/2324-1251-0x0000000001130000-0x0000000001194000-memory.dmp

                                                                              Filesize

                                                                              400KB

                                                                              Download

                                                                            • memory/2324-1248-0x0000000001130000-0x0000000001194000-memory.dmp

                                                                              Filesize

                                                                              400KB

                                                                              Download

                                                                            • memory/2324-1247-0x0000000001130000-0x0000000001194000-memory.dmp

                                                                              Filesize

                                                                              400KB

                                                                              Download

                                                                            • memory/3816-1263-0x00000000010F0000-0x0000000001154000-memory.dmp

                                                                              Filesize

                                                                              400KB

                                                                              Download

                                                                            • memory/3816-1260-0x00000000010F0000-0x0000000001154000-memory.dmp

                                                                              Filesize

                                                                              400KB

                                                                              Download

                                                                            • memory/4448-1272-0x0000000000E80000-0x0000000000EE4000-memory.dmp

                                                                              Filesize

                                                                              400KB

                                                                              Download

                                                                            • memory/4448-1275-0x0000000000E80000-0x0000000000EE4000-memory.dmp

                                                                              Filesize

                                                                              400KB

                                                                              Download