Analysis

  • max time kernel
    240s
  • max time network
    242s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-01-2025 02:06

General

  • Target

    https://github.com/reah1jsn/L1GHTSP0OFER/archive/refs/heads/main.zip

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Loads dropped DLL 10 IoCs
  • Suspicious use of SetThreadContext 10 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/reah1jsn/L1GHTSP0OFER/archive/refs/heads/main.zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc704b46f8,0x7ffc704b4708,0x7ffc704b4718
      2⤵
        PID:3684
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:4912
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4976
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
          2⤵
            PID:4804
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
            2⤵
              PID:2428
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
              2⤵
                PID:4872
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                2⤵
                  PID:1160
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:852
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
                  2⤵
                    PID:840
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                    2⤵
                      PID:1488
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                      2⤵
                        PID:4340
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
                        2⤵
                          PID:3660
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5720 /prefetch:8
                          2⤵
                            PID:3580
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                            2⤵
                              PID:3316
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2008
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1923309083405398330,21677739572341382,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2660
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1644
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:460
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:4252
                                • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                  "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                  1⤵
                                  • Loads dropped DLL
                                  • Suspicious use of SetThreadContext
                                  • System Location Discovery: System Language Discovery
                                  PID:2580
                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                    2⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:2288
                                • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                  "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                  1⤵
                                  • Loads dropped DLL
                                  • Suspicious use of SetThreadContext
                                  • System Location Discovery: System Language Discovery
                                  PID:3780
                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                    2⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:4592
                                • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\GetInput.exe
                                  "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\GetInput.exe"
                                  1⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:4024
                                • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\batbox.exe
                                  "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\batbox.exe"
                                  1⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:3176
                                • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\batbox.exe
                                  "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\batbox.exe"
                                  1⤵
                                    PID:2136
                                  • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                    "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                    1⤵
                                    • Loads dropped DLL
                                    • Suspicious use of SetThreadContext
                                    • System Location Discovery: System Language Discovery
                                    PID:4568
                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:636
                                  • C:\Windows\system32\OpenWith.exe
                                    C:\Windows\system32\OpenWith.exe -Embedding
                                    1⤵
                                    • Modifies registry class
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of SetWindowsHookEx
                                    PID:1444
                                    • C:\Windows\system32\NOTEPAD.EXE
                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\README.md
                                      2⤵
                                        PID:464
                                    • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                      "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                      1⤵
                                      • Loads dropped DLL
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:1564
                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:448
                                    • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                      "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                      1⤵
                                      • Loads dropped DLL
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:180
                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:4892
                                    • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                      "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                      1⤵
                                      • Loads dropped DLL
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:3748
                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:4024
                                    • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                      "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                      1⤵
                                      • Loads dropped DLL
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:1904
                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:3516
                                    • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                      "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                      1⤵
                                      • Loads dropped DLL
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:2240
                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:5020
                                    • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                      "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                      1⤵
                                      • Loads dropped DLL
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:4084
                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:3708
                                    • C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe
                                      "C:\Users\Admin\Downloads\L1GHTSP0OFER-main\L1GHTSP0OFER-main\LightSpoofer.exe"
                                      1⤵
                                      • Loads dropped DLL
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:1736
                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:3748

Network

MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LightSpoofer.exe.log

                                      Filesize

                                      42B

                                      MD5

                                      84cfdb4b995b1dbf543b26b86c863adc

                                      SHA1

                                      d2f47764908bf30036cf8248b9ff5541e2711fa2

                                      SHA256

                                      d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

                                      SHA512

                                      485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      0a9dc42e4013fc47438e96d24beb8eff

                                      SHA1

                                      806ab26d7eae031a58484188a7eb1adab06457fc

                                      SHA256

                                      58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                                      SHA512

                                      868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      61cef8e38cd95bf003f5fdd1dc37dae1

                                      SHA1

                                      11f2f79ecb349344c143eea9a0fed41891a3467f

                                      SHA256

                                      ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                                      SHA512

                                      6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\57313352-04cc-404e-b44e-a9788a881bc0.tmp

                                      Filesize

                                      6KB

                                      MD5

                                      a931bd7cb4927827e828aa6d8016c856

                                      SHA1

                                      0409efa62c997f627861bd85b4d9dd0d274e483d

                                      SHA256

                                      14d00ecd5c701ef7ca0542b91ff360327d5706e0304ef4af7fbad065d6570966

                                      SHA512

                                      e8f571513518b3fb7320e6093fd36561b009b25b484577cb076af7ed38090c75fe87fb2cc071dffe4ab487923b5a07857cc69f45d8c993a86869b08ab04e6548

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      255B

                                      MD5

                                      d11edf9e08a127c768843acea41d0bc5

                                      SHA1

                                      ff1af9b39de4a3f547407fd9864ffdd2bb6c7354

                                      SHA256

                                      217e4d9d1412e45abf7a653f72a5ab8b53bc8fc6f377f52a042668a41abc7478

                                      SHA512

                                      92c3f0def567b0e2f2523ed25eb9d4abff06070b8be744fea4a6678f25f292439d7bc0c8015eaa6281b7f43149eebb3d3821cd6d6436598481113694b11ddea3

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      0ed61b4da002f99759b7b6be73df8300

                                      SHA1

                                      d766d85daf714ce12a718a1f56e3f3925253ae8d

                                      SHA256

                                      865ed9bbeca5d86324529aac302111ae3faa62b5d5d39cee2dd38bf45eb4af42

                                      SHA512

                                      a5653eadf3b36f67b7f448b320991e9b5ec5cbc3da0bd1ca6804be76825c2930886b463e3273d38e135d6a2e056dc156f11ae1ee85bd0c9034de6c8d25087819

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      d77b8b79f65efbf74975f794d78f8692

                                      SHA1

                                      d4e97c928b84af8694954c43e7a5c43073d1bb13

                                      SHA256

                                      1e2b60371b403b4cadfe4d86673bab98feb80f8ed82a0450150adba93879f4e6

                                      SHA512

                                      799ca3395c60b034790b975c762ced0e2fc8698558a13f43fbb13ee34ab0b8a0803f337311b4cf8649f97041c0648e070b59b544b3fbb6d74d6d29bd93149281

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      11KB

                                      MD5

                                      901d1513f6747373b5efe730ca91a43e

                                      SHA1

                                      9925b7c072b2bf6c3cece1aa74cb3889aac2d43a

                                      SHA256

                                      da4a6429e65b9fa21e21e109256ee92b517e52b338c85c9d91d0b26f169828fa

                                      SHA512

                                      2eae573cb0debe8c5eedc13cf65509fe3772f8400e4a23bf3d5c2c6d9bbda705dbaa93a818347f0d6f9a2e276a02d80dc860fed6f14725d5b4e162e2528c99aa

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      10KB

                                      MD5

                                      b552885eb0ee2b7c3d2b1fc6b0fa6485

                                      SHA1

                                      8c882c562dd8c90be0e77b09fc8bd06da15558fe

                                      SHA256

                                      2b6dc761a67991a5021186be9fbaf98d1ab8c20f5cc3f1ded4b5d866d62dcd74

                                      SHA512

                                      c641825b21033b82d59e3c1f4d266b89b4baec870f331722b7661df6ca0f36fcd42d1ce3e98c5896352a8b70c649a163a673e78a67540c479aa20323b5a36c83

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 10KB
  MD5: de1a805d2c7f5d1c6148b31d1baafcac
  SHA1: 3ff3c34f1089899e06a9d6fadd14f3c4ba509dc2
  SHA256: 9ed456d1f04530755c9531525ba9c3b34ec633eb736a9325747dbc48f1b03cdb
  SHA512: a98244255783223dd358301bdc088d1dc0d7ec0a8e92f6c6238eb30fbf76dc0f3f472b63e5be01fbff04b7f7c5af03b751f22c13be31bddcea499d2baa7caeea

• C:\Users\Admin\AppData\Roaming\gdi32.dll
  Filesize: 428KB
  MD5: 36c0b5018242a87d99e2b5000dfc29ad
  SHA1: d46f1ba661e3d18c8b1e7895920368e9bddbc7ae
  SHA256: 94cc3d303105493943c6cce20473c82eff3942515bfd73df976e802d97be78b4
  SHA512: 8f10af3f519e2c52539fb79ec16cd82470f25c0863b622030ed4bd59f437c9109caf46d151c18889c4939a44672339d75029c8f757cf7118e759b90355317f0a

• C:\Users\Admin\Downloads\L1GHTSP0OFER-main.zip
  Filesize: 779KB
  MD5: 3eadbefe0c1d6afacf633ea984b84e62
  SHA1: 0144ddd4b475c3c9b7ae8a7c9893c2b5380f3be6
  SHA256: 4a7b68785058f0cbdebe19e0136e04523ff244f203985c15d0630c7542c09ee5
  SHA512: 617c611bb23c5bc0d8d3bb9e07345c796a3ad28db4f849d4e07de6dbfa5fa9ab6dd621abd8bedc448807c247539a1b896c5196b6fe4c5df0cd78402f26d6f845

• memory/448-187-0x00000000010F0000-0x000000000115B000-memory.dmp
  Filesize: 428KB

• memory/448-190-0x00000000010F0000-0x000000000115B000-memory.dmp
  Filesize: 428KB

• memory/636-176-0x0000000000FE0000-0x000000000104B000-memory.dmp
  Filesize: 428KB

• memory/636-179-0x0000000000FE0000-0x000000000104B000-memory.dmp
  Filesize: 428KB

• memory/2136-168-0x0000000000400000-0x0000000000402000-memory.dmp
  Filesize: 8KB

• memory/2288-105-0x0000000000950000-0x00000000009BB000-memory.dmp
  Filesize: 428KB

• memory/2288-109-0x0000000000950000-0x00000000009BB000-memory.dmp
  Filesize: 428KB

• memory/2288-104-0x0000000000950000-0x00000000009BB000-memory.dmp
  Filesize: 428KB

• memory/2580-97-0x0000000000550000-0x00000000005D0000-memory.dmp
  Filesize: 512KB

• memory/3176-166-0x0000000000400000-0x0000000000402000-memory.dmp
  Filesize: 8KB

• memory/3176-167-0x0000000000400000-0x0000000000402000-memory.dmp
  Filesize: 8KB

• memory/3516-223-0x0000000000D60000-0x0000000000DCB000-memory.dmp
  Filesize: 428KB

• memory/3516-221-0x0000000000D60000-0x0000000000DCB000-memory.dmp
  Filesize: 428KB

• memory/3708-242-0x0000000000EF0000-0x0000000000F5B000-memory.dmp
  Filesize: 428KB

• memory/3708-245-0x0000000000EF0000-0x0000000000F5B000-memory.dmp
  Filesize: 428KB

• memory/4024-208-0x0000000000FA0000-0x000000000100C000-memory.dmp
  Filesize: 432KB

• memory/4024-209-0x0000000000FA0000-0x000000000100C000-memory.dmp
  Filesize: 432KB

• memory/4024-212-0x0000000000FA0000-0x000000000100C000-memory.dmp
  Filesize: 432KB

• memory/4592-152-0x00000000008F0000-0x000000000095B000-memory.dmp
  Filesize: 428KB

• memory/4592-149-0x00000000008F0000-0x000000000095B000-memory.dmp
  Filesize: 428KB

• memory/4892-201-0x0000000001230000-0x000000000128C000-memory.dmp
  Filesize: 368KB

• memory/4892-198-0x0000000001230000-0x000000000128C000-memory.dmp
  Filesize: 368KB

• memory/4892-197-0x0000000001230000-0x000000000128C000-memory.dmp
  Filesize: 368KB

• memory/5020-234-0x0000000000EF0000-0x0000000000F5C000-memory.dmp
  Filesize: 432KB

• memory/5020-231-0x0000000000EF0000-0x0000000000F5C000-memory.dmp
  Filesize: 432KB