lumma | hxxps://www[.]mediafire[.]com/folder/oljsfjvzr13f2/NewPeggs

Analysis

max time kernel
177s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/oljsfjvzr13f2/NewPeggs

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Extracted

Family

lumma

https://begguinnerz.biz/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 3 IoCs

pid	Process
3780	ExilePath_2.1.exe
2496	ExilePath_2.1.exe
3084	ExilePath_2.1.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ExilePath_2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ExilePath_2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ExilePath_2.1.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803229120288885"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 5004	5008	chrome.exe	84
PID 5008 wrote to memory of 5004	5008	chrome.exe	84
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 3432	5008	chrome.exe	85
PID 5008 wrote to memory of 1600	5008	chrome.exe	86
PID 5008 wrote to memory of 1600	5008	chrome.exe	86
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87
PID 5008 wrote to memory of 1148	5008	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/oljsfjvzr13f2/NewPeggs
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd4b0cc40,0x7ffbd4b0cc4c,0x7ffbd4b0cc58
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4668,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5300,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5168,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4944,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5668,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=968,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5324,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5024,i,4806054666207254693,6850916140471119221,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3360

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1048

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Upd_Xmas_2.1\" -spe -an -ai#7zMap16012:86:7zEvent2855
1⤵
PID:2196

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Upd_Xmas_2.1\" -spe -an -ai#7zMap5010:86:7zEvent8160
1⤵
PID:2420

C:\Users\Admin\Downloads\Upd_Xmas_2.1\ExilePath_2.1.exe
"C:\Users\Admin\Downloads\Upd_Xmas_2.1\ExilePath_2.1.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3780

C:\Users\Admin\Downloads\Upd_Xmas_2.1\ExilePath_2.1.exe
"C:\Users\Admin\Downloads\Upd_Xmas_2.1\ExilePath_2.1.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2496

C:\Users\Admin\Downloads\Upd_Xmas_2.1\ExilePath_2.1.exe
"C:\Users\Admin\Downloads\Upd_Xmas_2.1\ExilePath_2.1.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b65d667045a646269e3eb65f457698f1

SHA1
a263ce582c0157238655530107dbec05a3475c54

SHA256
23848757826358c47263fa65d53bb5ec49286b717f7f2c9c8e83192a39e35bb6

SHA512
87f10412feee145f16f790fbbcf0353db1b0097bda352c2cd147028db69a1e98779be880e133fed17af6ed73eb615a51e5616966c8a7b7de364ec75f37c67567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\152f0b16-4f18-4aea-88c6-a4f8e38d3b27.tmp

Filesize
10KB

MD5
fb9406a5999cd21b8fe8d58eb4b3186d

SHA1
860fb5d2d353a326256061254f5c05cd2bf4e6b6

SHA256
a48ab8220ee57edc0c8656ef53ab6e24f38d68405ebe57a723f3873458a4335d

SHA512
85fc4e86b8ecaecce912d347e2cb5823e493747711924b598afe55bc940344efe5a3746369c850f3c347c9be3c63ae69156f28ab383a9fc157f93b71b01c36dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
47ea985aaf09ed86e339d63dad9732a1

SHA1
99454b47af96b012bee34dbf0ec645413082c610

SHA256
503b27fb82ccb30a8c3866447dd2eecec2279f4ec334e86c5d9f69f4b899f844

SHA512
8a65a45cc83c3c65ced9027320852273466a7aeda00f80a45c0e36c82e43557a911545281d63526553ac68788b4d4705bec18b3412e25c3ca321f17bea533eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f5ae0866ae0fc520a8ee236b33a59609

SHA1
fd946412f7ae8c7622ed3d6acf7e10b0cac40a76

SHA256
c5191703d077d4f8bdd0cf520780c697e7b5659a21c1a3b259d251e421bb1682

SHA512
0f5bfb1619797665d6b0427e32b7b15917d227de7d2897461b0cfe16ff502729f1f6bcaebc33ce5815bcb5de35f7310305d553d95a330eb8fda9307b6bf2d107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
32b153e8e54e79c47f7d3e1ef9c76bc6

SHA1
ad19fe438b20c1bb252140adb01aeb9b8a6454e2

SHA256
8128bde4e08d7653512946794de6f5c78b147ef41bff9dab13626715f5aafdbf

SHA512
e2da8c7509a3af3a4ae1e98025021aa69c9843537e119f94f1ae9769e70b7d6ea12ec1d710bcc0f21d2e18bc8b1e852462d57309c101ad2cceda373f5d84ff2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f2bbaf8ca93e617ef92a4b48f45cd136

SHA1
be88f0d2f163bcd318147f0464a1debc17c60b07

SHA256
30ff710c733b0232b64e4744c7e9074d3e7ddebffb09295eb00209c4c90eccd6

SHA512
18322f1906d9994eebafe5c3fc5acdc6e11980b6b2ecf8ad52c99747667376a0598b8922e6492b724fee806887a515eeab84345de887257dba15ba9957afc2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d347cd22a5c367cf249e7c73852cebb7

SHA1
ca750bdc8891ee3368e750a72b01356e81538da2

SHA256
0033ee397bf533448f66fcc11aa87686109a3e95000f5ef3f5ea07521f057baa

SHA512
56a252a662b52885b4be745bf2a79f8552cad979013df9394fea9d22252b372d96085bc27143e39be8533cd977dff5d811e851b563c4297a2b837d67a9da7c21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
7929967cb4c34b91b45c1c983ce5cb2a

SHA1
d8851d7d5aaee86c9c09f07cb5e366fc398b297a

SHA256
2f2efedf02a3936d4dfd9c9d00d2dcb59c84f6410acbd464a43ad1bcea228e4e

SHA512
e05a4d919211dcd5bea06ab79972972d71ad4090aa589e07db07ad31c311bab13a375bd05ad9e31183d18db466dd086e7527465b01a47f9693daec135088c761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
c33b6061f9e8f0ed994eb9daeee68e0d

SHA1
0605eab2952fcb917867dc523099ddc77ce25344

SHA256
3a3173a5964c5c0ab49f49694b63109753cdb60d4f1e596ee69b72a45f1418c6

SHA512
425e6c90fdf6bb0405937e216c673822c6291381a06b07900c7164282bb40ab8d3d7c50fcb0839ff4977b3ffb8d3dbb8d61346651d54e0d73e707aee7d1949a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12ee23e6a3f390b9770b2340bab9fa08

SHA1
7b9d104e8496123f287b2e23298580feb6fc6238

SHA256
d2d7915b94a1fd38851775ed7d6de4bd89a158133c2750020150ae08b73c3809

SHA512
60991e0e5c797d7bbbf60057d8225f234cb02e790ceaf68c28bcab9734b8b926a486fce248cedc44401bd7bec2530a344c19a160ffd010102ecb3d907cf2a0c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
40d457fd756c6dcc531032bf0d77d006

SHA1
069909f98c294dc00f5290dcf5c9358a4c16376a

SHA256
593900f1b70d7670667be8f4e7a046b453f3f5c15f5cf05dd984a9f6e9e13fae

SHA512
131737747da19060e16b778454b6a3279f50ec24813838f6c83e6763ef4ce87f90bd5a63b1cb6982262895197f379a4ebeced38ef09dd6785f42f53c80ec8801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4fa861b509b1d0be67df569a5b24f4d0

SHA1
f4749f7c696315b5e276bcfac584bf8fcfa9f7bf

SHA256
e545806b8f0461b8ba70f226d7b7e1673c8b0378a60d6448972a364a813d50ee

SHA512
d5fffbaa3e532035602862753d3d53cb2bf879e94056507e8001dad7e554d9595f2e010be4c0e0c671b38c927d00fdb8e233b2efb48a8cede7afb6f069b5163d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ed67008da45a139891604b994b6566f

SHA1
055246a6bbeeccf09d72421a14663f125565c51f

SHA256
0747102161cae5f399e5cab45e19d29dce96f34cd2d22a048626c7ccda26a092

SHA512
142ca721b19ba9e51ee0bf28c7fe904ed07467c68ac75b7cfb918ecdbf3055e4305b170bb6c933d4d6b50a18db34586ab89b5a803737ac69bf3b73e4c225fec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d0c7baca12be9fc0da2c4a7d38bc6472

SHA1
fe3f36e918d5d9c2572071d75fbd317905aa86df

SHA256
ca7573a687e4816c093b8921bec49679ad6a2f01acf6e065581e1f6cc811d094

SHA512
29ea483c2fa559e3eff632538fd6118ba8a3d02e24ae06fde89ef58f160a8a5a0827803f69e4eb779102091ee4ecc0719d282750f6b3aeb95966de4957cf5ab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b5005b728ee33e246465b65ae58ddefe

SHA1
e458423cfec080714d3a21cf73c33d122a89fedd

SHA256
1d675856a8d1cd2cb823c029ce433f40605853e4aaa91de66f8446029cf2733d

SHA512
dfbe51713c30a881851a0044881e78720def362b2ba202bf6476c5385f593734591015e280135b37b3658ad89b08ea9e8f1acff9114d0506f5f0cb6f6c498624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4196b2a4375c93691a304b9a7d09375e

SHA1
3e478e72a26c1b0ecf777260d1f4e3632f4a7ea4

SHA256
ffe8b091b0fb0122c40a4d579a66a9c1a25dfeee196d50bf2ce939e587ff47c9

SHA512
38085b2de1f59c7df4fa19a7b4eeb1a2994dcf6fcf144aa8e3ea87070a8e316a9419a00c5fc816bf5901ae2cbab56b4e465f7b1a644a3b9d662765deaf4718bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d7814b2a2190cb3f4f11a0496e90eca

SHA1
b0a2099076bf7844090cf6adcb9a96a13980cd32

SHA256
9116778dd9dfb5ae7eec9a36282242aac167a3b839fdc8d8ced55ab4ddb9bba8

SHA512
89becbfa5e895476dedd777a39bbab7bac4e33ad1c5498b12fce2e5521e1deb7d45190019a9c4e54572bf6a21e4fb0cdf7651ea52c7004eb995cb3cdac777d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99d188df742a2b8e081218f378b13e3d

SHA1
53c727972ff139937efe06d81276f99685055c1d

SHA256
614471496b9e8c943dd9ad71bb4798929763bb28d99f7c046808de0f4dab30d4

SHA512
350b7b82b44f046795cd91ecb1487899fde76d4ea3ae371f064a9b715f29de5e876a5fbf6f5f7a7a53f918271236a7f234c086f571f36480bc7d4dac26fe2bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4326cdc81af249d54d590e23a70679ac

SHA1
3c14f5128913fde3a111b4abd2ed007d65a7d5e9

SHA256
fd6a8365f820eb40b638182a570506fa126c50fc7968314901feff06259c7e80

SHA512
1cf18e6216a455a1745d1745c6603de2b7ca30d1406001b48218b6893d6b4b2d5b662c45697327e346d783f1864216b0b6f0488d810a8db4248c245662fb3ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ba245f1bd28a45638d09d63dd89bdb0

SHA1
e6ee44532e6fb059227af8b8b2bc5e96669ad0fb

SHA256
6f0e855426e19e22352d28013a915b3e73d24377fe0b412a777e020d6cfbf5f2

SHA512
dffd9834d1cd3507b6344dd7533b188a9a266a3f40acfe8afe42da153d7c2558a186cc3088c5533454fa412dc92cf2befab431664b771c8ee56ff2d1007c0922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
551d72ffa599a7bf045661a3883597a4

SHA1
c586f4135477d988607e84414431b35629e01c60

SHA256
cdf9d53486df78e77ac5737559f34de49c337a4c2da715942a0fa158cc9e19df

SHA512
1b77326804f0325c5c5320e46ed02a844d386548263b47d62b099ef8076411ee0c23f7759f2b8e3b2a4045fe5f60469a086bd66b55acd0f015fb621283adf1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c4972434f4074b515c46ef55b9ef771

SHA1
34d9554a2ba52c243d8add621f45104cd4abd81c

SHA256
c8c24e93fb7ad4c115f5a8ee6f39b5200023712b72c7cc3b405ef0ff7713135c

SHA512
f50ebdea1c328898c90d039d9462b684b964e803207fe5f59bca188e3418f7c3251f8bb8cd3f3d547d8e33c27216ea26ffa87c9ab365ec634e726fd1db27a27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c08e5d907c3190cd350caf8ab488f31

SHA1
8affbca48e161e4308fd4f311fafe4a90c5d46e9

SHA256
379c8049cd5f7ddac8308afd95787fc998f1833887387b6c6b226e6b1b4a2467

SHA512
f6504a2725c7dd7038eaf514762a4995c8642d17af64478f54a59c118a3c640696cca24027690be4ae321fbb77cd67a237ed4fdb4aa0e27d4e3e608d730b10f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0b87bbf83a4503b1b2fa0418bfc1a5c4

SHA1
b1ed4a908f194e17fce5f0b4c5e40f4cbf5ba509

SHA256
7683eac5030b1f899b95c3f61976ec87297a3acf60e0480b23761daa4571751a

SHA512
9b2b10b8a25c098e459341024bb3944e0fd08268027ff4553f35ade640dd856e4c46dd7b68df910ff16624802f83e95a4c2bce34bd5397b9d2ac1d756c2a4bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9c28980cfc496c174502cdb533f535f7

SHA1
63f095df06dc9fd77775928d27c6a984eb333b53

SHA256
85b16c2f549cd95bbbed24791a2716bbba01b013362a02f08c0e98829770afa1

SHA512
c3d773c48b6082fba2753dfcd065065a4ec4708e49065aab3b417bd90d370b276d44d9e86983aa8cca7fb22d7c4e51acda1f7dfa77088197286ce2dfa742d465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
819553438ea676b6e52ec76a744a59cb

SHA1
8b0be8e93ab99514225f296126aa7ef805948acc

SHA256
cc492aa6de8468d90c65a4e06a0874be645b9f614d103bea8e02a82ee577b07e

SHA512
5e10590891aa8c7b47cfdf0365a7f4aa731c07a8b5bc86881824539b00a467c5f3d85a2360bd80b8c587c5ba850687ee4766a963cb7e188184c0a723268f784e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
5f844a096a965ce7c78ca8d45ee53aee

SHA1
7793ccec37a3e95951344eea944d68f97fd2615e

SHA256
5bd9068335cdbcf12591f78a4fc2f0e046f53409ef7c461b3a78028bc002b8f5

SHA512
19ac72b7efc8fe61f44afe450eccd4375f449ce3472d5879a61e83468bc220441e6bdf31b86f37ad1c1045d62dcb6b1afd09e0658af4fc72091618d3665b944c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9680d6046de2a53eca5ef1f27acad7c9

SHA1
a0c7b768fde9edd0c2a3354ac9346619d9c1eed2

SHA256
d609d7eb764c7cb13ead8f28048ca0688e47a5dd209030219e9bd45814af1eea

SHA512
ca49162d0b3d04052705ff5b9eabcae21d718c836639474ce5517fb5561e9d2b7e0d233f09d19a7b50cca2e413c4515d196e222ef0890502731dfb5a001b472d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
016152d2a8e08d34b88cd19b692dcbd2

SHA1
e3848f09265bb8a8879be72a247f62bbff3a995f

SHA256
0e020c4a9861df9903ed2fcaf9a292b87c73b2923ffeda4ddf000dcb1d962529

SHA512
724f56314061b58158a799bd665a1af998809cda203002e2d887512b445c30213428cceb27718cc2c101cca5bd7805dcd36c748981e45adfa21aa452ad3b7e8d

Download Submit
C:\Users\Admin\Downloads\AddEnter.vbs

Filesize
1.1MB

MD5
7121cdff4d2e94e3205d345959a54b12

SHA1
811d938696c327db03b5ffb09ae9d375d61cda56

SHA256
4ada6615099b2593f750818267f962268af775f9a92eb3e0cbdebf8738714231

SHA512
8774ed05d403c204c8b85579c285dc0192d56038f81beac60e245da10ffe5f23c7fb58422b6fda73923539e0865ee70d381e4a16c7029ba03ffe4b51469cc062

Download Submit
C:\Users\Admin\Downloads\ApproveConvertTo.xht

Filesize
1.0MB

MD5
aae9debe0a8160b54306a6005bbf5592

SHA1
7093a1b4ad64395fccc37b193d4d986c6d58fffb

SHA256
63b8157c0fbc751ab5ed991194dfebdc4a022ccc15e6258c529c5275fcb64464

SHA512
06c068eda5abab075978834c5b8ef339ce06eec2f9ed800676812b7c80afd33cc5571b72857c4405d817d3498a8f5503873453df4c20c583da379fe4f872a946

Download Submit
C:\Users\Admin\Downloads\AssertRestore.txt

Filesize
618KB

MD5
20bbe5343b44fb560cd95ae33632b56f

SHA1
b498c1b3cebda8840fbfe9ee47e73f441cdabdc4

SHA256
908ced57530616028489b2e1a5257b1f11bee0b12149d090a34cd5c842271b0d

SHA512
74924a25be399496c2fbff4792d078fcb00c740cdd865577f08552c13382c5887298d23eb2df331af4b6e12e66b0377585d383c105751b97512daed5363b4ebb

Download Submit
C:\Users\Admin\Downloads\AssertStop.ram

Filesize
444KB

MD5
1084bf18b76320d9b750332dc3176bc3

SHA1
a7ccb7609f93e495b63e48fb0625e463ab4bdfd0

SHA256
4cb52a17370e9ad9726fcaa4e0e3ca4e7089a3097ee18288bbab7ae407489ad2

SHA512
8667e40b663a0f4e406374a1f678a6b54a2a69717d585e71bbe0cf6832f7051d6becbaa304e553a69931f7ad8f5c6c053241b50bb22acbbb70f711abac2f329a

Download Submit
C:\Users\Admin\Downloads\CheckpointRestore.pub

Filesize
639KB

MD5
702366afaec862c6efdb821daaf69229

SHA1
cc7079a7e7b9b912fbd929edc323f54f7709b856

SHA256
b5ff46df02fd8e1f4e81abc726a10b97f6d374f7b2fdf47b2a03bd6648fe04c6

SHA512
eedf8f0b85faafaedb360e05956bbaf8c974e53c9bd626d13575b0e975b0fe678979ff04724af7b2315044a8c9c6bb07159dd7e861baf677810ef813d6fc84fa

Download Submit
C:\Users\Admin\Downloads\CloseExpand.pub

Filesize
986KB

MD5
1b9d8338330b2fc9d523156f78c0bde5

SHA1
93a1b84bd4dee037a9c3c5bd12e5b985627557bd

SHA256
f55ee065287f6a5694773fb6d803a0fe3c3925628608a8ddaa4dadfe5b0e9dce

SHA512
bd4668d2cfb600f48078cffbb07ecb991a55dde5d5cb6ac8a73868e595cbe99dcdb0b63a8f5406e0c8584b9380410ca60c0d75535a9d74d821cc7469d205dbab

Download Submit
C:\Users\Admin\Downloads\CloseMerge.lock

Filesize
509KB

MD5
8c9146933e6179d4d02d2dc0083c0c7f

SHA1
11660404ff11efbc3c888a9a0d4bc2af3a341686

SHA256
d920e53a72650a5a67e885f689695c5c64dcd4374564728f5f479bf841661b68

SHA512
3299885a15a1399a67bf19ff9db7a97748fe9f8321e93acb57a28675bdfd9a78668c3ea6e635bf06716ed8d3c79fcf37d0eaab2f67c77c5373e2112b8f86f279

Download Submit
C:\Users\Admin\Downloads\CloseRequest.vb

Filesize
748KB

MD5
1b46edc86b4bdfb930f45180439976e3

SHA1
06c37c5f74ab01d5bfca3324deae4a8fdec1355d

SHA256
9ae86ca05a84c9fe41eba48e55965e4c11a96cef4542fbdcb9d035d1d6008479

SHA512
069932bb010267410d4c36296bcbe268fc0935ea31ecfd7be9f91f3ea331bb0e001001d3edb034380e2f66072f92a1112f8270a663088cc3319a65f3eaaf85fa

Download Submit
C:\Users\Admin\Downloads\CompleteConnect.html

Filesize
574KB

MD5
d4457533fdd9f2e67061629432dec2ad

SHA1
945b8930f98b05eef1161a444ece7a24a616548e

SHA256
31bed63ff76f2293232d8ae54fed528188f3a129bf94865a9756b78e1cbccd3c

SHA512
ee41172f6939bf8089f4c9aadb79babcb68e48d1584289c0aefbae6de27b50fd2609a6fefcc184cd8df2bad9e0fe25fdbb39625c831c31abb27252c2ee160652

Download Submit
C:\Users\Admin\Downloads\CompleteReceive.ini

Filesize
835KB

MD5
3856bbb5ba1c4f67ad467ceda08c89dd

SHA1
650650bd4f34a83eba662b27a0123b434520da81

SHA256
61b89a9f1dc38d1cba7277ff15cc7abba5d1dbc6ea8d9800140a3ba4a0df00f4

SHA512
243132e0b17910a613f9d0c2a8d54e8dadad2a2e90fbe82c6c1585aa6531bd64ef8f4eb29816a20309067c0d5c13ff7217e6f4cbdf2d01e745548f40281a55fb

Download Submit
C:\Users\Admin\Downloads\CompleteReset.mpeg

Filesize
770KB

MD5
e9647b81bcd405cbcc933bc99cd0cb22

SHA1
89e52c5ff3bf7fedbe64fe57a8665975c2db575d

SHA256
a2782f85a02b54c4ae5d3d1e97f58f415003806e6092b0af1e546d8451462d75

SHA512
fe6570e6286937216bf94f17e7e2df9540765d093920373aecf781e9cf36515585af65cb9e013ad2e101a2888744d796711d65c52b4fc2ce1cda96989d8f13af

Download Submit
C:\Users\Admin\Downloads\ConfirmEnter.M2T

Filesize
1.1MB

MD5
8d3d8f4a4d09666b2edcc7db57d6e5f1

SHA1
d8d7e1b64a3bb8dc4721adcff6553c8947760149

SHA256
a9df79a90fce70d37f3a65a36002a5a49c4b12e156430b7e7629be0d08ee5a6f

SHA512
73f15fa2f34b7e943e8edadde9d970ba8089939194aedcf3a576f0e12d4bc6939be8fc2ed034232f8b89e4e1e63c6520ccd02b90baa0f79f48a978746e79f405

Download Submit
C:\Users\Admin\Downloads\ConfirmSubmit.au3

Filesize
1008KB

MD5
8ea271f3059424f5591bfa36cc6c878f

SHA1
288a5fd41c703ecda394164ebc2672532e11f4d4

SHA256
8e76c8be988b9e65c5db52f814ec634968b1336005e19506d77e946db20a5107

SHA512
9135171b95672b1c30114f1ec065ab15c1620e33dd3add1a08041ab153ce45899feb7a26a83cab6b9ef9619f34b74950557a836bab178775cb5bf2a74b370483

Download Submit
C:\Users\Admin\Downloads\ConnectRead.mp4

Filesize
856KB

MD5
fd3c2bf4dd0b75311a1f4041feebdfea

SHA1
0eba3a614d0913f4dfd0b082f0f767c78d7fab3f

SHA256
5aef856e9c559cb67ca2b4429f07470a430ea072460d2cef10ca2f9436a2aa94

SHA512
fc5b3b3b2b0b990cafe86c47662ea341e67db391f557cb42401cf35af1b0101a341adb33443f75681877671b6546d0703e0b4fc2d52dd40f26afcb99dd297dc7

Download Submit
C:\Users\Admin\Downloads\ConvertFromPush.docm

Filesize
401KB

MD5
0b91011fd23e5aac9ebc046f4185572b

SHA1
ff7ac57a9f111ac71885762ee431a986bdff8f58

SHA256
110b18f45c4742484926cefb551d0b7a7a397d7fdd9a5a33f3bbb3646b0db40b

SHA512
e3668c5a6856d678afb52a0fe065b1c16cc726cd716e0d7eb4997dfe366b38b4de32a77eb11497883bbb96a7adc4725810c719944d8d5d2afe3af0bb081d7648

Download Submit
C:\Users\Admin\Downloads\EditConfirm.sys

Filesize
1.5MB

MD5
27d997f9e98f30fffcaf1e4dea7b7e5b

SHA1
ad5c1fdc466e7cd237a5e2e0a74a52a5bf932b01

SHA256
1c5c772fa6848e52289bd59abb747b7adf5599f867655414c9ef0c523817e731

SHA512
3d66a007a478161a6990bc08685f8b2c616dad504d8a7b61c42dacb41237cdf339c6c47a6ffc3f34b8f504e86fb70ae36f3017b6563fce451d2e042cb1654f1a

Download Submit
C:\Users\Admin\Downloads\EditMount.wm

Filesize
900KB

MD5
9b6596b229d772b0f382d020c1da0d3e

SHA1
cf57b233d67bc7d9798162d18b5f50f330cbe6be

SHA256
4f127b22ad0d6e14b24419c72628bf6661c1efe95b41c7a97d8b776eab35562b

SHA512
95369952ed1ad53d1dc1acfa3c855eed24d5b6ec6370f8bfffe07fa5d33d318ee3529b9996ab19dbdfb35343e753c98baeb9e605d7a2424a5d38993157949083

Download Submit
C:\Users\Admin\Downloads\EnableCopy.tmp

Filesize
726KB

MD5
3a18c2bdec6998e83100b743002e5bb8

SHA1
49a681cefbbc52c4769ab983f3e25673434fedf7

SHA256
ec34c230ac5c9e7e26c3550292f7fce4171ea8ad3388c60544f766ab1cfeaa5c

SHA512
802dd13eb5977f4f82629ede3f95eb273bc757602e8903bcea3a8c14c084aed4c309117c723e7de0bbc4f1d86ba50259ee9c9687b806ba30903ef5fea7ad5210

Download Submit
C:\Users\Admin\Downloads\ExpandPing.vsdx

Filesize
422KB

MD5
ee56977f7de5d886b18904db61cd09cb

SHA1
477d049591117771b73661191e56276a87869c83

SHA256
6161f2dc2a5be72437ef5525b0ea3d28b3ae8234fc54a958208066e75a7780df

SHA512
1c4819e8542e0b706590e26db166d50bef3293db30046811a9964fb169749c1592fa8387eef3144c63cbdaba6a51082cd73726b43dbc6e1764ac019a6a38162a

Download Submit
C:\Users\Admin\Downloads\FormatNew.cr2

Filesize
704KB

MD5
ff6c5b9bed28c7565bc6c8cb8616461a

SHA1
77f58610aa948b787b50932fa3a72eb0b0e43aa0

SHA256
e4bb2a3d42dc681f9f76e3d406a406da9cb6faa4283e7f2725d38e0d34e363a9

SHA512
2ca5b48a3f7215e72837883334ee8294777f3c990bd8d420bc22c2a212d2cedf453ac5130a67c1050a74a23aaf7f3c03162d74bf9c26502aa1a63fe5e2024a18

Download Submit
C:\Users\Admin\Downloads\GrantSkip.MTS

Filesize
1.0MB

MD5
9f1b95716a0930dbf7a74fd9c934f819

SHA1
d920fe41d454859fd1bed8b1054f5cb7b7b79e46

SHA256
c6b87f62024e29617d99044463b7b3315a897d0c0d4c0a325f97b69cca0a0f23

SHA512
c3db32a862bdb04c7d81a7a021aaeb10ed3e0787b7a1b040096b9521e4cf6db1439ac73b90d7c96eb94cc8dbb2bb523040e2b4ae7251658af239cd4830253752

Download Submit
C:\Users\Admin\Downloads\HideEdit.xhtml

Filesize
791KB

MD5
d3467692877af963742e2c63daa444df

SHA1
6d1272e969a794d9c977274ebf928943dc0465e5

SHA256
ad7b92a6f1c9e96460252f687962d97269d23d98bd813c4f7811d9253047df24

SHA512
a815b7afe81e02298a79fa707b2417e3d7b7f3d48ecbb5298df40a768932de110f889ede1830905649bf568c89868c0205740fa67bbe145dcd3d8eb67772071f

Download Submit
C:\Users\Admin\Downloads\MergeRegister.ADTS

Filesize
878KB

MD5
d239d7360b0168eb8decdb97661f744e

SHA1
f0d00b6a041a8b813cb5f0b9be3b268a7f6d05ee

SHA256
85f1dda1d0365317b399baa2a6af8fa4dc09dbfa9a7effffea4bdc562561fe56

SHA512
f56fb583c59cf6de76be4e2015803cbacddf3c1a807b3805ddfeaab77e93432821eb9408bb445fc607d7687c251ee908f7d0666e2941c88e3743f54564d20d9f

Download Submit
C:\Users\Admin\Downloads\PublishDisable.ods

Filesize
553KB

MD5
baa02bc7048b72857b5bdba8e158c0d3

SHA1
0561c01e0ee3399c1ef9aca20138c33b610b781f

SHA256
b25a628f988f5c87014457c6699dc8c7f1b78b46924275ef0a9b617bfbb3e613

SHA512
c8c61467a7f1cfd0ee66e08550600b9ab68a8dc544b6a860c6c37f86477df961d9c5d98fd96f2bd5bd745cd46647c0dde52932597a4d78d41ab7aa22301b2a11

Download Submit
C:\Users\Admin\Downloads\ReadNew.xml

Filesize
965KB

MD5
f0244c97971318b1ffab0dfd79d4e54e

SHA1
c4c46043a10da8d41de7aa975e814c47a697c052

SHA256
17b548d4208fe12afe2409c606f8b4cf308d2c48da7484492e1f37b79cc3fc8a

SHA512
a8bf7df83d9f30597c83eebc528a5f9e6e6109f4fc46696dad574c40de8ad07eb7619dee6a34990208d2b64dd6477880d0aba428dea7ff1652ec2e51bc839c7a

Download Submit
C:\Users\Admin\Downloads\RedoUnprotect.xltx

Filesize
661KB

MD5
8316c8fd26e3411d09da91b30be3609e

SHA1
521554f3be76cad807ea4a5ab2c2c362d5e84b4a

SHA256
df9af7a3c629defba721c1a3d40144000b1c26925eef1980e6262e5987f52700

SHA512
b5c16505fd44d90aa4c7ecd5fd5df1162c6eb2a9d92ae81ab49d43a8b02224456779e54efe3fac02b4c7b243761b503430e32c8a120a388d272e0f2f79f61b37

Download Submit
C:\Users\Admin\Downloads\RemoveConnect.mpeg2

Filesize
921KB

MD5
4e0f98fc4e8506aa5acfbcd6b10b81f6

SHA1
5e2036bcb409edca984b192b3db57512bb272ea7

SHA256
5ee9a3ad9159f614e82da975aafef0927dfa10dd69afcef359fd4ede8a522d70

SHA512
2b94efd31055a51c9675fbebaa4fd95f7f76ed9ab332c4934c90eb4d819891ecce2d4a673536556700f19e96f4c3f8b69cad7515dfdb3d23be7d6337fc5f4842

Download Submit
C:\Users\Admin\Downloads\RenameReceive.mov

Filesize
596KB

MD5
0f1a462549241db3ddaa1e7343d13c4d

SHA1
a0a2a879028a9124ea275fa0dd7f3f03780fb14e

SHA256
403993c3b121e45779a09669cea24905558324f5e395d5de53cd3ca104f569a3

SHA512
353de25c531a65ff8a5b73a38f50e7bb9ed94971d772592ba33e6faa8ee56422dcc80ef1a70eed724f9fa2579c03a6913beaf2a431c34f183c481710b17c9609

Download Submit
C:\Users\Admin\Downloads\RenameUnlock.ppsx

Filesize
813KB

MD5
98e6e1def1ca2eabe09c7677b7828ebe

SHA1
d2496f188c87b6f43abc57e8044dd85482ba0bc0

SHA256
80c69f0c842c05c6193ccfb21b961e5a91d740d06ce558a03cb86cf4429e8aa6

SHA512
ce5cb892c3a617287e0f3d00d03ccf687267f46d42b18ece31a46e53accf8ad7b3864decf5d1d273d93931bf431d1f7f9e1471812c26b89684a7d7a2da8d590b

Download Submit
C:\Users\Admin\Downloads\RequestDebug.ini

Filesize
1.0MB

MD5
02619d64b2cf18dc49b60616772d5b02

SHA1
40b45c6c67a8418e2a00d1d7f983625f0dd0ed75

SHA256
2f47fc4c53e4cbe3901265ae6254f321cde5dd1e5298b0c0c547842989c34e0f

SHA512
e7c8763d4d4de8038302468bae62a0cfdf03aea2732df4c46e9e1c741a632b3b3ed12e0249fd1303920cc11e9d54f48e2193acb093a7b78e6f8f568a23b23910

Download Submit
C:\Users\Admin\Downloads\RequestHide.ini

Filesize
488KB

MD5
85fe7177fc97be68a06f80d270749e44

SHA1
2e06f7d19f6d1ed0eecc2f558211dbd1f11da899

SHA256
bfc15c65d93d318a12b4725fca13354d4a730543615167fb206f256c6c3401c5

SHA512
cce9aec2a356ad5eb95b1a281461d9464b8a74782958bea6c9d1be7e6263dd1f812cf8aae4f22d188c14c2a1b02f852c155d28a3b2973107b3a6baa45cbd123b

Download Submit
C:\Users\Admin\Downloads\ResizeClose.txt

Filesize
466KB

MD5
2e57c389a34454b94c2d3a3f82026cc2

SHA1
9016d77cfd31b8251129f4449da76a92a9e4a878

SHA256
371602110dad10e7c3537547ce87db903ffed92484f10f15b242a1dce05c40ed

SHA512
b49cc3d28215d8a74e1199c94c9144a018cac2596fa3bc503f73bd270250be4918270ee8921353f3b01362310f227c1ca74706d96f031c646337f10987d90cc3

Download Submit
C:\Users\Admin\Downloads\SendClose.MOD

Filesize
943KB

MD5
4fa0842b22c8c4153b6589f00a22d2e4

SHA1
1fe2a99b341a55db72458839ad947951f1edef38

SHA256
993a8debbbec1f0e88e384f2dc8107ec9ebc131a5de21286805299c6f8166626

SHA512
5954f36943c366bed3e0d1ecff74a6d144bd2c7b464f7f336404e8d466a9e8fce9c476d1b52c6618c638fd6d3c5683ef8ca9a6041866948b27ffbf4537697fd6

Download Submit
C:\Users\Admin\Downloads\StopFind.emf

Filesize
1.1MB

MD5
0011a9a97f93cc6976a1b975db0922f5

SHA1
fe9d9cbd1c29b9e5e377eacc69001359cfbbbede

SHA256
bc08086cf75942af3758839f5120d9ff3c22c5751955857e87bc6aa362c59c5d

SHA512
c3b58ae64c2c9d55706a19ba20dac37a35b0987a7f9d91d617d2a4312676c49754de69916991bda2ab22aa63634ab7ec196e42425437093a1b4f6a0f2eda9c3c

Download Submit
C:\Users\Admin\Downloads\SuspendNew.potx

Filesize
531KB

MD5
76921a2bcfc0ed6fea22ca62ae461f81

SHA1
420471660228280e1e76af7468deb42fbd187c66

SHA256
ac04b58978c590239050c48de84b74972f6e419907b8911aa0085634bbf77469

SHA512
1b1bb647ca3a8a2302e632cf6c1ac079d0f1fb44415019e17bdb6f52958af1109d4ad0baf410858827412fa0711be1a7aa4137f2d3e50ba56fa3c0a0cdc59925

Download Submit
C:\Users\Admin\Downloads\TraceExit.crw

Filesize
1.1MB

MD5
dcb62eb00efa5b13bbe5543556a845f7

SHA1
124a9153710b396f4d6248665f30bbf6ec4ee684

SHA256
cc71f3de32b9a47f54de726d42da5197d4627c30987ab61a5727adb2f8ab6de4

SHA512
3ab63ad9c85fd14d0f7600e246bf67a2c0806edc61877b7a7a4fcf9075d6c8283d616fe7aaf1dc1d39b5cff1db3c1f4a6d7e3bf1c8569a55287c54ec4d34037c

Download Submit
C:\Users\Admin\Downloads\Upd_Xmas_2.1.zip

Filesize
32.1MB

MD5
19955dbb36cbd5ef70cd988f7ce915dc

SHA1
8a5ae0aae9f91c9be3268dd43036798b52992179

SHA256
b698c9828faed106c61e24d3e1d91c9db521b19ae2793265dceecf5f1c285fc8

SHA512
95904813d8ad634e4452ebfc246e4e3dd8eee8a6b3b62e0c4400c7f60a669bbd9a6af8f63fac51a50000fe3f330d799347a859c087a7718340d34083311a7912

Download Submit
C:\Users\Admin\Downloads\Upd_Xmas_2.1\ExilePath_2.1.exe

Filesize
1.8MB

MD5
83f32291705cd4498a10f21c3461c737

SHA1
4c1acd1e1b3fe6cf70340be991f6d29a0e52d901

SHA256
1953cbfc8265b5e281b1c7a1d1cdcaa2614e2440376b7cc94b3b717c7941b052

SHA512
77d65883b7d4a0b5b316c349e1d245b5a7a6c16594b946e306b39b49a94a88ea0a10827e2f9a3fa803cb048ebddbd6d18a9b2728554e24f91dd5b429d8a0fd5f

Download Submit
C:\Users\Admin\Downloads\Upd_Xmas_2.1\jres\doc\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\Downloads\UseResize.wvx

Filesize
683KB

MD5
3bcfb60dd5d2089d5c07e808a52d4bed

SHA1
80c16d93878f1f02dbbe9bfcce7f2baee8808d2d

SHA256
1fd680b9070e0a3f54f07a59c36ef39f4a9e31aa4fcfe32f3dd4a4b5942a75bf

SHA512
d4c9e3f0406020b3c78c1758b10cb0a13bc8b79efc07ea9b7e2a8dd4bb26f03c0b4e5c0c8778de6a2031febe221b30a504ffc8ed16186b5c352a6ff852be13bb

Download Submit
memory/2496-913-0x0000000003160000-0x0000000003215000-memory.dmp

Filesize
724KB

Download
memory/2496-932-0x0000000000BE0000-0x0000000000DBC000-memory.dmp

Filesize
1.9MB

Download
memory/2496-942-0x0000000000BE0000-0x0000000000DBC000-memory.dmp

Filesize
1.9MB

Download
memory/2496-938-0x0000000003160000-0x0000000003215000-memory.dmp

Filesize
724KB

Download
memory/2496-933-0x0000000002EB0000-0x0000000002F07000-memory.dmp

Filesize
348KB

Download
memory/2496-934-0x0000000002EB0000-0x0000000002F07000-memory.dmp

Filesize
348KB

Download
memory/2496-936-0x0000000002EB0000-0x0000000002F07000-memory.dmp

Filesize
348KB

Download
memory/2496-937-0x0000000002EB0000-0x0000000002F07000-memory.dmp

Filesize
348KB

Download
memory/2496-935-0x0000000002EB0000-0x0000000002F07000-memory.dmp

Filesize
348KB

Download
memory/3084-929-0x0000000003630000-0x0000000003687000-memory.dmp

Filesize
348KB

Download
memory/3084-925-0x0000000003570000-0x0000000003625000-memory.dmp

Filesize
724KB

Download
memory/3084-926-0x0000000003630000-0x0000000003687000-memory.dmp

Filesize
348KB

Download
memory/3084-930-0x0000000003630000-0x0000000003687000-memory.dmp

Filesize
348KB

Download
memory/3084-943-0x0000000000BE0000-0x0000000000DBC000-memory.dmp

Filesize
1.9MB

Download
memory/3084-928-0x0000000003630000-0x0000000003687000-memory.dmp

Filesize
348KB

Download
memory/3084-927-0x0000000003630000-0x0000000003687000-memory.dmp

Filesize
348KB

Download
memory/3084-931-0x0000000003570000-0x0000000003625000-memory.dmp

Filesize
724KB

Download
memory/3780-914-0x0000000003800000-0x0000000003857000-memory.dmp

Filesize
348KB

Download
memory/3780-921-0x0000000000BE0000-0x0000000000DBC000-memory.dmp

Filesize
1.9MB

Download
memory/3780-919-0x0000000003510000-0x00000000035C5000-memory.dmp

Filesize
724KB

Download
memory/3780-916-0x0000000003800000-0x0000000003857000-memory.dmp

Filesize
348KB

Download
memory/3780-917-0x0000000003800000-0x0000000003857000-memory.dmp

Filesize
348KB

Download
memory/3780-918-0x0000000003800000-0x0000000003857000-memory.dmp

Filesize
348KB

Download
memory/3780-915-0x0000000003800000-0x0000000003857000-memory.dmp

Filesize
348KB

Download
memory/3780-940-0x0000000000BE0000-0x0000000000DBC000-memory.dmp

Filesize
1.9MB

Download
memory/3780-891-0x0000000003510000-0x00000000035C5000-memory.dmp

Filesize
724KB

Download
memory/3780-890-0x0000000003510000-0x00000000035C5000-memory.dmp

Filesize
724KB

Download
memory/3780-889-0x0000000003450000-0x0000000003505000-memory.dmp

Filesize
724KB

Download