lumma | hxxps://download948[.]mediafire[.]com/iy187imy2ljg1tzMUEnATVv2SKSwmnhBAn_PDNpwxVbIzzNoQ4B4Inrgo7-asZN8DHXhWw_xeJg85EDMS22l_WP3UEJP_0Vol5QKzJODgeNT5_VIzLiGruMd7YOg40Haf1Q1I8anG1xVyjFcIYsgt-Q2MphrdV3FCr7oataYRtR_dA/lcnb76vkugha3eh/BoostrappersRelese[.]zip

Analysis

max time kernel
306s
max time network
307s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-01-2025 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download948.mediafire.com/iy187imy2ljg1tzMUEnATVv2SKSwmnhBAn_PDNpwxVbIzzNoQ4B4Inrgo7-asZN8DHXhWw_xeJg85EDMS22l_WP3UEJP_0Vol5QKzJODgeNT5_VIzLiGruMd7YOg40Haf1Q1I8anG1xVyjFcIYsgt-Q2MphrdV3FCr7oataYRtR_dA/lcnb76vkugha3eh/BoostrappersRelese.zip

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 2 IoCs

pid	Process
1272	SolaraVBoostrapper.exe
4252	Trackback.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
2124	tasklist.exe
904	tasklist.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SomewhereExplorer	SolaraVBoostrapper.exe
File opened for modification	C:\Windows\CardScenario	SolaraVBoostrapper.exe
File opened for modification	C:\Windows\LikesManufacturers	SolaraVBoostrapper.exe
File opened for modification	C:\Windows\HoodRoad	SolaraVBoostrapper.exe
File opened for modification	C:\Windows\SkThong	SolaraVBoostrapper.exe
File opened for modification	C:\Windows\CountedKong	SolaraVBoostrapper.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Trackback.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraVBoostrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\1\0 = 70003100000000007059f29d10004150504153417e312e554e500000540009000400efbe235a970c235a980c2e000000f1ab020000001c0000000000000000000000000000009fea16016100700070002e0061007300610072002e0075006e007000610063006b006500640000001c000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\1 = 5c003100000000007159c45410005245534f55527e310000440009000400efbe235a970c235a980c2e000000edab0200000019000000000000000000000000000000b2919a007200650073006f0075007200630065007300000018000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\1\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\1\NodeSlot = "11"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\1\0\0\1 = 5c003100000000007059f29d10004745542d464f7e310000440009000400efbe235a970c235a980c2e000000f7ab020000001c000000000000000000000000000000b7fd15016700650074002d0066006f006e0074007300000018000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\1\0\0\2\NodeSlot = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\1\0\0\2\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\0\1\0\0\NodeSlot = "13"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BoostrappersRelese.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
1344	msedge.exe
1344	msedge.exe
2324	identity_helper.exe
2324	identity_helper.exe
4444	msedge.exe
4444	msedge.exe
2232	msedge.exe
2232	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
2176	msedge.exe
2176	msedge.exe
3704	msedge.exe
3704	msedge.exe
4252	Trackback.com
4252	Trackback.com
4252	Trackback.com
4252	Trackback.com
4252	Trackback.com
4252	Trackback.com

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2176	msedge.exe
3704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeRestorePrivilege	1864	7zG.exe
Token: 35	1864	7zG.exe
Token: SeSecurityPrivilege	1864	7zG.exe
Token: SeSecurityPrivilege	1864	7zG.exe
Token: SeRestorePrivilege	1488	7zG.exe
Token: 35	1488	7zG.exe
Token: SeSecurityPrivilege	1488	7zG.exe
Token: SeSecurityPrivilege	1488	7zG.exe
Token: SeDebugPrivilege	2124	tasklist.exe
Token: SeDebugPrivilege	904	tasklist.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
4252	Trackback.com
4252	Trackback.com
4252	Trackback.com

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
3192	MiniSearchHost.exe
2176	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1700	1344	msedge.exe	77
PID 1344 wrote to memory of 1700	1344	msedge.exe	77
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4824	1344	msedge.exe	78
PID 1344 wrote to memory of 4556	1344	msedge.exe	79
PID 1344 wrote to memory of 4556	1344	msedge.exe	79
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80
PID 1344 wrote to memory of 3380	1344	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download948.mediafire.com/iy187imy2ljg1tzMUEnATVv2SKSwmnhBAn_PDNpwxVbIzzNoQ4B4Inrgo7-asZN8DHXhWw_xeJg85EDMS22l_WP3UEJP_0Vol5QKzJODgeNT5_VIzLiGruMd7YOg40Haf1Q1I8anG1xVyjFcIYsgt-Q2MphrdV3FCr7oataYRtR_dA/lcnb76vkugha3eh/BoostrappersRelese.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff989cf3cb8,0x7ff989cf3cc8,0x7ff989cf3cd8
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1636 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1188 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16466067593894228319,6172054690604719484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
  2⤵
  PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2496

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BoostrappersRelese\" -spe -an -ai#7zMap21581:98:7zEvent1554
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1864

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BoostrappersRelese\Relese\" -spe -an -ai#7zMap13043:112:7zEvent7439
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1488

C:\Users\Admin\Downloads\SolaraBoostrapperX64\SolaraVBoostrapper.exe
"C:\Users\Admin\Downloads\SolaraBoostrapperX64\SolaraVBoostrapper.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1272
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Recognised Recognised.cmd & Recognised.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3564
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2124
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2128
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:904
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3012
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 484968
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5044
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Ratio
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1144
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "Forgot" Maui
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2928
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 484968\Trackback.com + Face + Terrorists + Thehun + Closure + Roller + Reception + Nested + Wichita + Casino + Clicking 484968\Trackback.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1252
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Powerseller + ..\Pn + ..\Accreditation + ..\After + ..\Continent + ..\Risk m
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3752
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\484968\Trackback.com
    Trackback.com m
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:4252
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
38KB

MD5
95e6768c4e484c506b1e6710ed7f1577

SHA1
7e323d353b0ee29f0093a021f05cb8488b58308d

SHA256
9f296e4c817337c72d7bacea272cfdc901847b8a50db158bc7135bbb483fa05c

SHA512
87180930635ad1a7a70375ba0e3298ea5a403f821d2dbb9b0a3eabefbe21aa228bf7fcdd8ac5e7503ecf1a346e75f9d5cfc49c0e3d477dc83a14947ba8432252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
81KB

MD5
498b3dcbddf074f6bfbd65c440d1267e

SHA1
1ee6e82d434ff8c858197f1af57074daf8a52fd4

SHA256
f7e904c2bb5cb74aec2f0774f88eac8407c2192e994099e55e6195ff26917d4e

SHA512
8888cfa3a50a30fa5d9272a6ba5558dc3277156712ae42101a7bc365cc2795e95b07dfd04013ac6376bfdf2cf054ab7b084ef9f8ce1b8bdbfb85bf5cadada9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
3fc34cbadf40ffc36f9ed87b69b1ce6f

SHA1
4896be77b4bf6c8518a9df9135923912da51b982

SHA256
f915277f4f31295c22100f7b251e44ccc5e19e3e9cc557208132b2994b83de74

SHA512
3d87a7dfde53218f0f352f31c4ba713f88ee85a60ed6f00f46ee355dfc90c7a13fdfa5ecaf50aae501582b7f1b1a0e6a86aabb03e5ca5d8fc697424960eb8610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c5cf413996b5f9b2f01c7a4f94d21cc7

SHA1
4fa5fc15b6e3b2bdabfd735eacae9daaa7830d1d

SHA256
5855dde9f999fb69b5bbaf3ea4fd1b5b77cc62aeb54ea5bc08054c67cceb7684

SHA512
bed949755c2d152d2849cb28539291b07142177e28f5a23e90c391f7e86c7cf9e7bace7249184ba12f3e0b32c8338b3934e9bf94cf295a9b365821a8252bb422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e47d5ba79b6e777c23493b02cec6478a

SHA1
c3f91ee4146688c47cbddf886d3a3572d3a0d823

SHA256
0aa870ad7962a4c171e878623ef0e90983cfb205bc98f50cf899d80ad6fe4450

SHA512
855fdfb3d39b26c628eea3d75db85d82d092e4d017f178f8849fcd8433c85c2f82e5e3870156777a9e9ce5983028d5227ade6fd0d123d5c90405b670c128c54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ff751ebba956a244240d271c37523bf9

SHA1
6e5dd50de5366a88e0c686393311374e694d12f4

SHA256
df3d01945db1369d11233af0d89cfdc466bb09dfb701c18683cf93599277d4e2

SHA512
5112b36576f6c2cf453995a10a054f74233c69d03e0c057e54321e19c3f3d5d7ac9cdcc8b54ab24c071372fb54d7e4e0890c6bc4346ba4ed87f20cd2076aeacc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
592cbd7d70830fcac871bf7ed1c9bc67

SHA1
03b9e14df3bebd8f8e7dccf303a0a66db0229680

SHA256
e91d74d1eae929da26ba69d02afc0e2648b40aee4923b5457c86268a604db4c1

SHA512
367cc6f3383070ad0fad89c620b9075d83fcd6903a0a6d000cb4c0e343ab02e852b3979249c03791404340f6db96f4cd555bca1f0e77d8573b5282c9ec7d821a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a58c0bd97618fa56657bb9619e9e6d7

SHA1
e5e0cb456f5ce7b2b512992d096d3f93afd7a34b

SHA256
8a44fc807d8f09742fcbdc95f47c8646ceed100f8ef3409f8fbc25b510094b04

SHA512
846febf90e7a29773f409262dac0285130ce6bf088e96e1bab1c9e19f56df040bc4cb2a590099be8d68babbe44bfdefd5fec6c1b1cb22cccf80a574fb2138d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
649d19ba4ab3c8ac306821dff13697ee

SHA1
65677cd3838b40df9b7d8eb3e046ef8dd1511f83

SHA256
359eeae160f9334eab39b7ecddb2deb5f2cb2b067cbe7f11cd968a0902cc4952

SHA512
4483a788155cc9e35d9e5cac0c6b902a40d16bbd0f3a2bd24adaa21e883e9f1c64376a5d316f1874fd1fb1cf087478bc0d6f30b45324f6f152260f65af419b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
85c39c74dc44fc8cf65291e6fa70bb82

SHA1
569c434cb23a9dc1ed7f0fcf06e878be713c181c

SHA256
ee8eeb8b1a268c5ca6ca1fd5533da2d11388e41e896af8bf19718fcfcf7f01f6

SHA512
6ef5220919a9e52425ec83d6bb0b0172e40763416152509bfc5679966312371ec817f5a648b39d3d195e7d5fa5e405cf331b4fb314ac9c998cc31ca8491b330c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b969dff3085c36a6529429978df5cd5

SHA1
aa7eaf5f0901553da117664b2b82605ba2d5029e

SHA256
a49db0c5cdf2cec1456cf8bb57fe6e060dac23aa512a7decbb9f64e8251ddd3a

SHA512
36b37ba79349939ff510ef1a750ab67e8cc2155eae939af73331793ab54c7b7f59b607d961ecc4182f6b9cd518208ca4bfe33bd9be7455b30961092411c8fe15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
587deaba8d0d778f784b5566bccb41e5

SHA1
3a4e853ffaf93d7542d35435c1f93db3b2ff6995

SHA256
239221a223c0c4353f91a95336f6099d62fef0bc74f31237dd8306fade93f453

SHA512
970f698d838d909fe799e03fc0ac04984b78ae4325a37beb1467b2c9a90d292f56723c941314fe8c2354fc8cf66891339ffbe6b3865fa062367b530c42888685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1a51218dd755c4b19f8e21e82e09707

SHA1
9a612d0e697730831e3e7960190c2b9515468238

SHA256
b5d95c48cf374ffe5cf08b1cd51802a2787903785bc20743199b23738acf68c6

SHA512
70759cd1e1913727da2e0d7a6b061a2012f7259505e29a9748a8fd93a82b0e006f464a00fa3bddebcc6ff0261bbccbf19127175e81825f89916d90df4ca266cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6e0a7cc5a7d91c9a2dfc90b7e40820ce

SHA1
07033609002c3a94c8395d211170661ea910e711

SHA256
b0ea9887f63100e1301236007a8fc1097ad24b690cb0bc57657cf6e946d75424

SHA512
c3b4470092356b61fb22e6a9c592d25f80dedb107e151254fa464882f3d9a96f2086f378b2538a17d213127ab847cb1cb5236490ad67850b2a6e2d7ac5d433da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67b4b109ca1611958f40960ef85e15f3

SHA1
b5416716e00db14611aba1088717db49d16fffa1

SHA256
6c960958440c88bb4c5403a62bf5b89b17ab79a7336492588ef205c526893487

SHA512
bb34c30220af637fbe79d09d1ec3349b4c427827ba66e87c094de10616c63023c669aaedbd085f5cac269011b12abcdaed84cd9707ed7bd1bb2684c4dcd1235a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3efcdcc7def3df1140a0c395c55530f5

SHA1
d1e9c3501b2339de2dbb43134c086e87bd6019a7

SHA256
dc7f5edcffdf44410cce26f027e8069f74526fe96219fd02c721dae15be9497c

SHA512
accd7d6d1bfc4f4e4876756537f027a553ec6b8f95f72ad6184e579840e44e23e8f0f2ec9ef64bae971ba28bb5fceb208d751a7980b09eaa5452709b673eaa65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9c2865ede5bca1b6e61ebdde1657a7ad

SHA1
14446aeb9d44246d2221a9339f389826971c2cc5

SHA256
be7461468ffdb9733308d4d0e47b03bf06ef0d4bd4bb7cd9b7bb121aae893bfa

SHA512
0028d989dd94fc8734237d21a87fb3c64072d8882316c5126eb78033276788527576b39735d852dff02049fae23577d3cbc2ce641802e1fec6791a40f4d3c875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fea4409cc91ccec3c8008eabff8c4188

SHA1
2debc40bb479775e31b4353289d9aa3dbce8a629

SHA256
fb8ddb007dd14190c839f618f73495610a1b3d94bbd678b27bd3e7526384e3f9

SHA512
308d1a3cf42bc28af039f92e241ba1c4026b44e3e96451d2494384f21df651bf73262f990b65ac7437c2fbfceb9ac557f7490a1b0dc8e18e2419b1e3ff33f781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8750345ba8e37f7fa5bbd29b3f86acf9

SHA1
f9371034b4b65295055aac8aed987bd324fa14bd

SHA256
f73d13c72df4a8a4c5455b2360a0508d0ec13fb52f3ccf1d1da5d9193667cbbd

SHA512
4ad6a74b80912c755c96f02dfb8bff80794f8c1c7b850775972263678d1dcab759eeb17d174c3501ca2a2d0dcec7e3b02924269eb3c188119fc02c15ca807797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
69aff2d94ccf2c0fad537ae51ac746aa

SHA1
a0fa6a1df32004df91e343be6734cd347e14550c

SHA256
bbca6cc0b1076f727127461f29f62e52ec2ea1f71d9c4e71489c98bce720fede

SHA512
f960c7e116b6de84f783c7e6365c336ccf1e710a72c78f6a090ec584a2d6db429220ec6bf41d633f26a04da1e61c1b42a1c4ec56a86eb553d7c8e5e4fbe96eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d4b1991f6f24ec8e6c8035cd2b7c19f

SHA1
4e47d2c1be07e7a53ad6115c75a8488afebe555d

SHA256
dc5721978182205d3c2b78d0db3bfbadf8e012167a3038e525170bd84fc41cf3

SHA512
455a398b97a09c8f180530e70016d38678c25c98d5c2102c91986e925cad90e5c5819c189f746dabaccdbb25f62474b1aec1931685e2c8b2af71b49dbb6b97d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0bc294b4f00f2a098ddeacfa0857d55f

SHA1
15eef51df04e4ffdd28b8b1f68848eb4cb0ead89

SHA256
47932532f828d2e9ce663d81362e6c6f48cb56a6b20583c8ab461a6de815359d

SHA512
b0db6f701c079b11cd0e2baf636eec2bf58fdf985021bb6c61082b39691246f3d25f99bc1b6f94729e55ad102a5ecb5416d43642855b13ce67a9c2c46b05a577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28af4f193af6a8e0ce6b454ebc2e135e

SHA1
80a44c0957edea14a9c3f40e87341e74e6d30be9

SHA256
f044dfd2af262dc608df1237934c7c46ffee9738cc58599fceef3f71cad6d827

SHA512
899e51953bbd76addaac9bdda89139e57a8e66bd0f4d9c4cc4fd2d7c35b479135ec9e1950803760f400f43f0cf5cb4893d2313d7b8f5a2fc3addd4ed75805a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806b2.TMP

Filesize
1KB

MD5
007400994f45fce7984987f11ae13351

SHA1
435010cb4dc632265ad0450c09b8b447f8f10b96

SHA256
fb2d2b5288c9d7072c910b248a126742f4cd626a57392ffd2af616f89c8b33cb

SHA512
c5ec5bdc9528436dcc08480c3086c413b9188aaa75db09c49536e6c311e047b91a8454ca3719e77291c280d27c14bf3967ed6cd15ec26e39c5fd2db93ae34041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6044459b78dd84755301574ab342ddc4

SHA1
5cf4c841982d7e17d8b950ea370cb66b08f20df7

SHA256
c5d6c1ee716e94e7b5581dddc3007e22d308ee082f85a220eda7225dc3314f6a

SHA512
e008bf450ff5b85f17467d570abc62b0752f4c903300504505a46295b766b60822cff7c8f00a0e47544bb7538af16c8f5900d84ddeeaed6897a5789d7370b31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3ef4095e68c81b86941c36dca17fe5d7

SHA1
40acd994f6252a5d4ed510dfcb006ac8655b4f96

SHA256
47520a0bb33486c653620391602e03d5cc2dabe1b4367a8fad5e7e8a6298d2a4

SHA512
71b001b0905660a499151873aa238649787278d4e865c0d90e9cf6177f246206b0cdc9a0ed327fd4b64acd182d4fab09c59c933efbc609ec781bb6d133e99de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d174dbd22477b65e1b5e5776a6abe0ac

SHA1
9f9b6f1e9cd2be9624d04d1ae2d7ba5e076c6d98

SHA256
b07eeddce10146ed5642e9a9d42b46c5b6ae582f5587c7c36cc9479834fe06ab

SHA512
b8f7d4cdd9ac4b7071a13d7d952f12bf25543e7d579fd2f2f866be9b375bad1be11225523fc58eb6b4415cf13a80a5531d0c9c7e53d960ca456819686c91b593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
37e127252782ad6bee8af49f89af37ac

SHA1
d1b372758d902857d853ac073108c2fe5a4f3a2e

SHA256
16e417207df6b7b02ab14f28a30246c61803f868450835cbe02882b6237a84e6

SHA512
ff3cb7c0b5c3be3756f00d78ecbfd57cb8378692497f691d8c9d32a1e6795501aaae8059451cc6fe6f555e45231a79a8232e1c5c58c361049ad04133e03e108e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
514210ea5a9a76c3ee44b856e940ed18

SHA1
e753785e6d90c22539d1ed2e344e295e9201f858

SHA256
8695636fda2f96ccca7815abc1737226139c47aada36e5b3a4fc83bfa1a2e53d

SHA512
4807562653dd15c9cb09fff3cf40e04cd6b751f3f1c2f500665f2a08456a89c0ed2f042c5dc7cd2057b0280ddaaaafe87b6fb9457524c88c0556dde38f16be70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ed567993ef9394cf13e1e7a52bddea4b

SHA1
f472def278ab7af4f81e7161da4a994c0c02918c

SHA256
b2b1cab21a99f91c3e8b94131c2e53eb5cbf38776019161908265d901b7e993e

SHA512
167c71a11b2c402598bc487ff346016a5bacfc58f765e57c53f7363edb0fd30d39eb4a72957752a4f038716d79a05c76fe17e500e6d75e83ade2116b5d7fd30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\484968\Trackback.com

Filesize
854B

MD5
88a3b03e13c9c4f5f5d8bf523c571819

SHA1
160f7260f5d7b13f4159bfd66e1596bfd5f81ffa

SHA256
b9d5b1f216686bf0fe3103d6ff7e51232fda59c229c8642adb634a7e2f25d695

SHA512
0c648a181d18fb81922b7d1cc86978952a1c260ee2f39d10dc3f47bac4e07f54786685985bf37702fcb4ec7704807668330b5c26c96499be1399786e65e5582f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Casino

Filesize
119KB

MD5
227bf9bbec8408a10b1a4a289ba77401

SHA1
86cf90b141a11ee7d27bea1807dc959aaae5f583

SHA256
a5277b8fa9b6f77ca6431d5c32f15f317c52f1efb7f88dd8521a585d902586b4

SHA512
a5c79ec530f449479cb138061f8b79a5d9d79d9d7bb854461059891c230a43a9c1843201cde47bf90e87fcb500ff31d98bfcedcc57079158848494f18a812c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Clicking

Filesize
58KB

MD5
76f557310c653be04b4f805e0c6397c1

SHA1
7e7fe5eef7b32f4455b6968c5e970eaf88da15d2

SHA256
c87c041619d47aed9b511042f2b4d6fba3862dfe6206818fa4570ad5a663aec1

SHA512
d9eb65aecf654d317566615c9176ab814c05ec5394aef942f8f13506833bb94ed669cfd8988f3821afd73b2b415d3ebe421f761bd50f98d5d4a7542b7b0d81f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Closure

Filesize
58KB

MD5
2077269e8ec2aaa990d23f0647dd4eed

SHA1
e2795853dba57687b71bf235165fb16eabd4723f

SHA256
3c5323eda19b2fafdd64a38ec9d9018cc8deb089fe9536398678777fbae8c8e4

SHA512
ad85ca9163a6a06e3a5199efc51890524f6ba1ee9054f1315b3629467784d10b66489332997b8688372363c0d57ac44c71a86e5aa0c5b651ad568badb49de49a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Face

Filesize
53KB

MD5
6f640def208d9e8360bda93298464fcf

SHA1
00b920245f01e6fb4c9cc11af17f074373fca79b

SHA256
f3393f291a3859b1eee2c7c3633bda2117feddd81540e0df92bf50cb04468c66

SHA512
aa712dfeb76e5b1c745059df65f46cdceda9a6c6ca1a2519c539d64bdc762bccda59f1cd58b5499e773d89520443b9364ba56b09f7a1d955b0b1e6e539aeddb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Maui

Filesize
860B

MD5
20514b7861da2bda60ab3e5457c55a25

SHA1
d088ba8f1d59357d491bd3c845314240a0dd1e4f

SHA256
a16dcc3dbeafbcadb2f63140ab693cdf23ce6e952a723e87af3de5d95e69cc87

SHA512
bc2fd3209fbf3af101614f7df8b9199efa16f10d498ae5226a148db2d7dac2ff04dd8c8880c35be020f1e4ce8e57098682502162b656a7ec55b8c17e81baccca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Nested

Filesize
91KB

MD5
9d13f05b9a71d8dde2e77812714f89be

SHA1
cbf85b87fe308c764d7c8c0a4b0055e0b29d1e7c

SHA256
c2683a6e3197d6524b212d53a5df1244a06e40056f7b79ec0733496f96f8fc18

SHA512
2884e6653e971366993453318fe102231ff3180d77d00d05374d7a45c2863e4fa9fadad3949f59de9c8282ea086cd201e10f96a13c8a9941a7659726f6b75d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Powerseller

Filesize
63KB

MD5
085b6cac39e894bd415175322c5c70a7

SHA1
258db05f3be1d0bcdeaacefeb392f5a29ed99353

SHA256
cf04190c6b7609df58042c6b603eec15ff543a1c815a66bb0f09b7ec95e6effb

SHA512
400331e5ccb51bdea7b1e7af1c84af741f07464ab90094869ae51fea88db9461a80769fe6ddb789a0be423da9dc903e9bc979509c72e5490846dfaf265f7db21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ratio

Filesize
477KB

MD5
d3c0d6cd4f80f6509ab2f8963488f3d0

SHA1
ee272122bc647d5bbd6e21cdb97245d5a1dd0763

SHA256
d5a172c7ae8f88117495c09d1bf3a469981ac5a540d082f9e39b0f39a1d5ca3a

SHA512
fb0afe20dc9b0b027cab3997b23772379c506afd5f7934e6108c59143611b187323808fb27d3f5d05377c6c3e49895440732841dcae39d2117eeaaef6b820e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Reception

Filesize
118KB

MD5
21038b2994a294b39e33cc501c1a05ee

SHA1
50c1d712ed63fdbf187f1d9ac9addac3503a976f

SHA256
20ce780c417f346622d0476e9aae17c62324397a5fda7c5f8dbc8ed9c71fcc9b

SHA512
2ef16b3945541d0fa39fc1d3da4f6f3748207c4c68206c70838215d314f84e513d55cf890b410dc30d60fab25c8605dcb898c822c9711035afca028fdf4a5bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Recognised

Filesize
21KB

MD5
e1b69dc2271076449b7fe047ac482984

SHA1
bcab3c731619749fffca84fca4d88756f3452cb1

SHA256
d281f964e56db7bb27148db0fbff842b4e53f123beade2d0e036f82d3a3a854d

SHA512
373c6af2e0a8dd1bebf34c4f897f9613a7d2843b07555b4c29420f3ac839384cd04b581529fc8e0cd16807442ba1c5e601e2f79cb132f8c284b09b9c4a9c7bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Roller

Filesize
141KB

MD5
fa81f3538e7caf8ad17d26969d8d87ad

SHA1
5b06ff33e4aea6c59dcb6ea034ac085aea25774f

SHA256
fbc991e234bf9c4b48514cdcd02c2646e65203d4fde35c22490806e869dace4f

SHA512
2ca23e42a13676ad4e87f12b8c8d195d729c86f327c5a5fff317fe78f9cb9b7ef5c8c1982f53e1111fb8b46230569fc4bb287ac94dc0437c99ae669b4932fd1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Terrorists

Filesize
64KB

MD5
1798c08ab7269e5dc50d97fa0fe4c1ce

SHA1
bdddb294c0d6792ebf3f3b9e4f4db2c2b95b6208

SHA256
5d4c0d897ed74e744542a76b03d67c292e6c28da120655472a2639abeda68207

SHA512
02883fd39426160aecb8f0507e9ba8a8015f70476217cce3a536270a574255f621616b0c2995d45cd41b726295b01ac22e777146462469f8cde78b84d35264ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Thehun

Filesize
109KB

MD5
7ce7c4ea5d8e0b48d5400093db7d6310

SHA1
b9d27c9f6349a24e9a163ff8e52f5b937be21758

SHA256
bc9279f5bdefd7b37e686f3347ee467661b9f68ca2d220630620416869780ac4

SHA512
0484767d0c8cb58221fda088f4202278b169da812c41e25bed66b3dd3ab4427d3cf968db3e7f20b6895eb3d1e1ff7a8a1dd490added2b9cac0600d30bea6ab07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wichita

Filesize
113KB

MD5
d77a611d6b2a51a697a734dc7b0fc795

SHA1
106d523c59f63d6ced9391ad9d48891b75f63643

SHA256
e79eccddd759fc7247b2dd2ec942e1ed52ed1ab9eadf897c172c7eae25bc5d8d

SHA512
4fe6dfb75d51eb0508019350465c88fe6f9d870a3817dc0614857ca45effe1efedf33a680bb9fb2e3675744bc3db14981052d630f1f551108a81dbf406d7d081

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
0c71204dc7dd088aa8f1b279e29d7bf5

SHA1
475dbeb8589312574e6b5f3ca2913b8b80af155b

SHA256
28f655f695c0992c73fa7b02fca2c93b65aec5b8c82297e1be30ed9016eb54a1

SHA512
f10ec78286923446833e4f19900a790be0440885688fe273a811648de090a765ea82ef8ccc062987ec12285e0de608b803671d01358a18dd4504f90845169826

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
76fbe77cbc68f3bd5f0decad25775716

SHA1
2ebc2dea0b2224ea73fb5413d94ad38218122bf3

SHA256
8d59129db45c9f234318144380c9d167d89a9faa8e2a6aede9b5a3bcfdf650b6

SHA512
1a5d850914bd033defe42de3a333c2a7497927a07289258acd5ec08e973b4ed45030b0f299d6da5bac16ad607ed471b3db52a5c9676a532ecaa0836682618230

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5fc87d21f6b39eb897b4d026adbd5f75

SHA1
cf9e78a3621e47b261c93ae1dc1178922de9c059

SHA256
4f9d8664c250c4f405880452f2bca267a6dc52b4f720f167a5adcded8caef7fe

SHA512
c2e21ec263d08a5f28e8f8a442203a61ab0c6addc28fc77883ab6f8e974615fa08a39292a3de1d53993e69955acce24c6b383c5e575435fd339a316c155758b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
cfe8f9cf03253928fb8216a2e529bbf0

SHA1
47e43090ca5e2fa9ffb3f3c3037d9c0da4fb30e1

SHA256
eebe023659f102ea4faa72d78cd9fc4d533ba659f96ee9d4db715aa26c14353d

SHA512
bdb1927df81bddc5256900bd8fc550a6aeab9d75c5d0920e5a73acf95b5ed00684a138a1356d647cc1ba930085d572657fe4c72ff750e30e26a5b38b5c4a1438

Download Submit
C:\Users\Admin\Downloads\BoostrappersRelese.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\BoostrappersRelese\Relese\SolaraBoostrapperX64\PodD\resources\bn.pak

Filesize
780KB

MD5
cb203032925be270222dc2c20fe771e2

SHA1
2f2f20bbbd07ee01cc996247bd9c2f40037dff80

SHA256
297d52b252df0912490ddf26fa58706895e70c2a0f3f09d0dc756706720095ef

SHA512
052be75c51051949c84216566b462733b61026ba74e212b000cbed7d93cb852e74ae83d64d2eaadc3093af4265b6783184cf8e0368a75e077d4b75daba40f9b4

Download Submit
C:\Users\Admin\Downloads\BoostrappersRelese\Relese\SolaraBoostrapperX64\PodD\resources\el.pak

Filesize
664KB

MD5
8f5a15560710db2af852512b7298b93e

SHA1
30a13ebef10108effbad8c24b680228660658415

SHA256
bc07e403272a4d65305fe24a827404d7b931d01cda547f8c07a840d19e591430

SHA512
e3cedc0eaa82b10a68a40aca8ec1379a6bb924766e1c5abd97e39c621dcbc195d6c1ff80921c2320f0f1c87d160bc2a6258108399876339e5104f98d90a861de

Download Submit
C:\Users\Admin\Downloads\BoostrappersRelese\Relese\SolaraBoostrapperX64\PodD\resources\hi.pak

Filesize
787KB

MD5
1185163466551aacae45329c93e92a91

SHA1
0dcbfed274934991966ce666d6d941cfe8366323

SHA256
eda355e3785313e3d982c1d3652266dce1b6e08832056fe58854b825e0712ca5

SHA512
6fad3e24eb868acf78db0591c7ba77abc84e92cda28e8bffee435ea89940a8607e7628c6c5159349377a8d933f373db2dfa4e5715ca404bc3e67fd4a0f22a606

Download Submit
C:\Users\Admin\Downloads\SolaraBoostrapperX64 - Shortcut.lnk

Filesize
1KB

MD5
1e20c61d055a7d531591592d0e7cf2bd

SHA1
c583008fff8103283d216dd9d1977ce133247cee

SHA256
14cee8b7200c82ad0b64d6d09cf5600dd0a6a90ef386271371c8be0cf310d37b

SHA512
ecb20de276f54a01759bb9a8ad74284875ba6ed53254272ff8d32663b76afc23a87d4d35896924b49749c6143aea06b4e2fbd8e8fb7797a6d74b2d5c829de665

Download Submit
C:\Users\Admin\Downloads\SolaraBoostrapperX64\SolaraVBoostrapper.exe

Filesize
1.1MB

MD5
1c8f61ebae1e301d9b521e2e4661ea71

SHA1
e4419155b9e29c822bb82430222a466f8d18c979

SHA256
04cb3fda38692e884e8782a79b4b431cc2f50a3a0a7bd4c368f35df4b536e6ac

SHA512
c09777c8d426b3320c2cbe828b20dfe516773d28a8f24f8c1e58ad1bbcf838cbf3eaa6b0960a0ea2b939d1beb38c9a321681afe24cd49878c9cca9563c75bb50

Download Submit
memory/4252-1250-0x00000000040B0000-0x0000000004107000-memory.dmp

Filesize
348KB

Download
memory/4252-1252-0x00000000040B0000-0x0000000004107000-memory.dmp

Filesize
348KB

Download
memory/4252-1251-0x00000000040B0000-0x0000000004107000-memory.dmp

Filesize
348KB

Download
memory/4252-1254-0x00000000040B0000-0x0000000004107000-memory.dmp

Filesize
348KB

Download
memory/4252-1253-0x00000000040B0000-0x0000000004107000-memory.dmp

Filesize
348KB

Download