Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://up-community...

windows10-2004-x64

10

Resubmissions

12-01-2025 22:37

250112-2j8yraspgx 10

Analysis

  • max time kernel
    165s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-01-2025 22:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://up-community.net/dld/

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cabbagebettys.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 11 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://up-community.net/dld/
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd875a46f8,0x7ffd875a4708,0x7ffd875a4718
      2⤵
        PID:2840
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        2⤵
          PID:4812
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1644
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
          2⤵
            PID:3288
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
            2⤵
              PID:1428
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
              2⤵
                PID:1820
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
                2⤵
                  PID:3588
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1192
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                  2⤵
                    PID:1772
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
                    2⤵
                      PID:3900
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                      2⤵
                        PID:2584
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
                        2⤵
                          PID:3252
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4636 /prefetch:8
                          2⤵
                            PID:4748
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                            2⤵
                              PID:2308
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
                              2⤵
                                PID:2560
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
                                2⤵
                                  PID:1728
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                                  2⤵
                                    PID:5508
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
                                    2⤵
                                      PID:5516
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
                                      2⤵
                                        PID:5524
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3048 /prefetch:8
                                        2⤵
                                          PID:5880
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
                                          2⤵
                                            PID:6096
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
                                            2⤵
                                              PID:5196
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6964 /prefetch:8
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:1572
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8579258319286898045,15072741242475008348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5516 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:928
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:208
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:2368
                                              • C:\Windows\system32\AUDIODG.EXE
                                                C:\Windows\system32\AUDIODG.EXE 0x504 0x514
                                                1⤵
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:5920
                                              • C:\Windows\System32\rundll32.exe
                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                1⤵
                                                  PID:5440
                                                • C:\Windows\system32\mspaint.exe
                                                  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259\PASS KEY.png" /ForceBootstrapPaint3D
                                                  1⤵
                                                  • Modifies registry class
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:792
                                                • C:\Windows\System32\svchost.exe
                                                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
                                                  1⤵
                                                  • Drops file in System32 directory
                                                  PID:1684
                                                • C:\Windows\system32\OpenWith.exe
                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                  1⤵
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:4460
                                                • C:\Program Files\7-Zip\7zG.exe
                                                  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259\#Pa$$CŌ𝔻e--6259__OpeN-Setup&!!#\" -ad -an -ai#7zMap9560:210:7zEvent28460
                                                  1⤵
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • Suspicious use of FindShellTrayWindow
                                                  PID:3292
                                                • C:\Program Files\7-Zip\7zG.exe
                                                  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259\#Pa$$CŌ𝔻e--6259__OpeN-Setup&!!#\SET_UP\" -ad -an -ai#7zMap27349:226:7zEvent16637
                                                  1⤵
                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • Suspicious use of FindShellTrayWindow
                                                  PID:5704
                                                • C:\Windows\system32\OpenWith.exe
                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                  1⤵
                                                  • Modifies registry class
                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:3320
                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259\#Pa$$CŌ𝔻e--6259__OpeN-Setup&!!#\SET_UP\.reloc
                                                    2⤵
                                                      PID:1132
                                                  • C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259\#Pa$$CŌ𝔻e--6259__OpeN-Setup&!!#\SET_UP.exe
                                                    "C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259\#Pa$$CŌ𝔻e--6259__OpeN-Setup&!!#\SET_UP.exe"
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:428
                                                  • C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259\#Pa$$CŌ𝔻e--6259__OpeN-Setup&!!#\SET_UP.exe
                                                    "C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259\#Pa$$CŌ𝔻e--6259__OpeN-Setup&!!#\SET_UP.exe"
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:1576

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    56a4f78e21616a6e19da57228569489b

                                                    SHA1

                                                    21bfabbfc294d5f2aa1da825c5590d760483bc76

                                                    SHA256

                                                    d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

                                                    SHA512

                                                    c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    e443ee4336fcf13c698b8ab5f3c173d0

                                                    SHA1

                                                    9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

                                                    SHA256

                                                    79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

                                                    SHA512

                                                    cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    144B

                                                    MD5

                                                    d7979e6c5ee9aef00eafd3e283f27302

                                                    SHA1

                                                    eaaf18a6e0910e84c7e99d5725864178399ba43c

                                                    SHA256

                                                    630abcd0be8d927203ee79a942e152a0cea49a237e653f761793e3c8c61de641

                                                    SHA512

                                                    b1b1fe28b35768a1ab07898c93e947928408580992408018734f75cbf6dfd0feac031fd7936c96eae756053ab5937d988a2db6c17493f3a09ed82a8e779f32d8

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    46295cac801e5d4857d09837238a6394

                                                    SHA1

                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                    SHA256

                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                    SHA512

                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    5302dc568308208f8663e60158fc4541

                                                    SHA1

                                                    5192944c09ee13169ce7ed0cd2ae1678b010991f

                                                    SHA256

                                                    b0450579b56e00e74515f7c83d647247810180ae906a970b2c07b66577a91c90

                                                    SHA512

                                                    eee2827e9905d37b6849b6501d18393c59ae542f89c37e30edee44d96479d1a76d6bac58697480b33e0da9d7037d044c370ecd26a0d4a8eafbec3bdffef158a2

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    111B

                                                    MD5

                                                    285252a2f6327d41eab203dc2f402c67

                                                    SHA1

                                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                    SHA256

                                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                    SHA512

                                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    69dbc49e700be059ac544ffa488a5499

                                                    SHA1

                                                    6952e92048d0fb97d2f897d1d7c8330d30bf2bdc

                                                    SHA256

                                                    ceda3561efa56adc7e833ecc05be72bbf21c219f6cc59f95650c291b6bab06c8

                                                    SHA512

                                                    d89b653e24d904931596b1dd84139722f3a7bda4b79d97851086fcd7a72226f5b02921a9008c26b313c2ea992bde065c4e99783986f4641c9e055e4be992fd02

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    ccd22f42312dec6a9c25ce713fd30366

                                                    SHA1

                                                    71ee55d856a81c741bec472fc04ba4548d7ff1ec

                                                    SHA256

                                                    f232c3d11ce106889a33c6dd24b8a0a17eb679408f7c30e828b923a184b55e00

                                                    SHA512

                                                    43b7f85c04f41bfcba210ccaf73a07f1e250714acb92398bef3d48c14b5b8314c65fc8b1d6799df1baca1fdc55ddc960c16dce82c8792c36fae0196ebdeaf8cd

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    7cfc3f4679c60272b7b3b5d6971f9f51

                                                    SHA1

                                                    f767a1e33ad63d0232ef2458698bfa54f302fd78

                                                    SHA256

                                                    835ef2a4892af8523c5fff8f59ff821ed473169afc4f5e507c1496ef24934271

                                                    SHA512

                                                    23694c4a946a23649a61e0d706696943661c14309f7a88ff8d1f8c750513fb1024f959955bb45c47cb6b34f64bf09d4042973735c1e2f3125585ec4407716bb6

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    7dc587f6e4166d6b46a9d8e451368107

                                                    SHA1

                                                    40f429423222ef6c24a8863f2469814bfe245448

                                                    SHA256

                                                    1c4a9f8a3aac76830b1124b61d98ab323cc5f4aa3e8def69b827a9e64d41ca1f

                                                    SHA512

                                                    5728bac4b572fcfa8a9ced9650050f480a736355ca17c8299110d4a31170e4402f5c919cc3bd3454fe50b166657d1b6cd83e90c382e8d558e2f7a15cf2c2ebc3

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
                                                    Filesize

                                                    41B

                                                    MD5

                                                    5af87dfd673ba2115e2fcf5cfdb727ab

                                                    SHA1

                                                    d5b5bbf396dc291274584ef71f444f420b6056f1

                                                    SHA256

                                                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                    SHA512

                                                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                    Filesize

                                                    72B

                                                    MD5

                                                    df2faf5858a11562c0344130144c9e9d

                                                    SHA1

                                                    4d8b69e8312646418fca56e47826d671dbd1301c

                                                    SHA256

                                                    849757c8564e2f66a606e55caf03375009723d03c0838fba608f8517a36d2a52

                                                    SHA512

                                                    1a3e08ff3f00035f2d627e7fb19fdc24e6a77df643522fbcc42f6c0f5aa4797e8acc21d9f6846403772d1f9c3158ce9456a6e446a55f2be680a296ea97ead988

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5851b5.TMP
                                                    Filesize

                                                    48B

                                                    MD5

                                                    6ac7d33fed9273ec788e03135548f26c

                                                    SHA1

                                                    c630ab1a20eb34f34e37ebddd6f2a53ebfc6a837

                                                    SHA256

                                                    cdb1290cf3ad10627fb1b2a68ac98b7619ec0f371aac0a64a7db43b81750f2b4

                                                    SHA512

                                                    7e9d70f6ab4eee18cd0b99c65438a86f3a9df83d1bf5cffa9319dee2d685361e41238fff8f7792388fa2f089398f8cd16afdebf6b1bb4a63c5e9a07da8108765

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    371B

                                                    MD5

                                                    91683fb73287d1295226518569d2b565

                                                    SHA1

                                                    d6cf926f66ed67a98baef8411b58d7e11bd87743

                                                    SHA256

                                                    f2c6b23d200b064691ccc54ddaf087bc712545a03d959baa438d7f8d37eecbea

                                                    SHA512

                                                    02a0b89987bd41af1e64c80b743de5e53a0602f91671ceef0b0572cda49f4e0df4ed80b18811121be6e87c29efc0fac60d30a4c469b86d1e73f260b13274c57b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5804cd.TMP
                                                    Filesize

                                                    204B

                                                    MD5

                                                    d8c701a842b22cd5b806e56ab3a4d799

                                                    SHA1

                                                    2a013957b50b2036ed78963c28d3c96b884e42b3

                                                    SHA256

                                                    09b485641693478b10e851b721c8ba04a344ebdc9453fad483251b20659e91d2

                                                    SHA512

                                                    85b9efea5dd19d56f8b7d211acc8afe70ffcb2e06698e9563d5dc56433a4e077af163c39c098250e30adafd3439fc16fe7c285b8cede02f3b463f390e4735179

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    6752a1d65b201c13b62ea44016eb221f

                                                    SHA1

                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                    SHA256

                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                    SHA512

                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    6677d0f99fbd0761db8e2a54cac5259e

                                                    SHA1

                                                    d9d6bc0c00debf1e2fabfc3e4789d64cdd1072e5

                                                    SHA256

                                                    0e45bddf29d1765915a2d4060197c0bb67422f9dee190d02cbbd81c5bc8d450e

                                                    SHA512

                                                    bdecf2ea5c5f6675a6f2e13dc571e7fe71eb9c809add0ea2e30d4b4fc088ecf98adeb5f6b73878dc1196f3aefcadac8aef67bdba3b20ccb7e862af5fa8dacbff

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    520ed0cf22cbd0c9c9f43450d349359b

                                                    SHA1

                                                    821817f31e85dfc7fc6eed8f38509c4872038c46

                                                    SHA256

                                                    41f25b2f6c6918eabf88cfb01ab87976853caaf4bf7b1d0a94d16a0019128745

                                                    SHA512

                                                    0ebd60b5378c2156d14ee27aec902e2b55faae2b9c28cf516eda5b4c4445ba1088146a74fba1c0bdddeb74957fe73685e356bee2cb15740e1dbdcf266cbad10a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                    Filesize

                                                    2B

                                                    MD5

                                                    f3b25701fe362ec84616a93a45ce9998

                                                    SHA1

                                                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                    SHA256

                                                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                    SHA512

                                                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                    Download Submit

                                                  • C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259.zip
                                                    Filesize

                                                    1.5MB

                                                    MD5

                                                    4c8599625e513a3b837dfc4ade316a0d

                                                    SHA1

                                                    61ab7dda1dea0d14bad3347acc116c9278593ebd

                                                    SHA256

                                                    692e99d3171900efc927556806cec82a55017c3bca610de4004e381ada6024d5

                                                    SHA512

                                                    2cf9e7f207874444bbc73a6e493d15f1262ad8895bb6eb9956da57029d92c37af2866256d4bd75c9ee393fab8e4c27f676c50efd7bc97e8fd7d28f01d8180c6c

                                                    Download Submit

                                                  • C:\Users\Admin\Downloads\Complete🟆Download🟆Setup🟆File🟆Code_6259\#Pa$$CŌ𝔻e--6259__OpeN-Setup&!!#\SET_UP\.reloc
                                                    Filesize

                                                    432KB

                                                    MD5

                                                    3b0c72297d1b61e6e74359518622de2a

                                                    SHA1

                                                    f8ccdf3731e73862079352f58c589d1f3776b0b3

                                                    SHA256

                                                    1491ae64a1e65a237bbbf283b1918f2a8b96692eb7b9065745970d329e6e1d73

                                                    SHA512

                                                    d29c4bfc2e415130907ed0f33cb62ea3f10a1202d7bbf68a9f39b6b6217d42bb8f8016b12cd50a1e03e79fb2aa5f0f3ce679c9994451ef6c179a0fe6004bcad9

                                                    Download Submit

                                                  • memory/428-585-0x0000000002900000-0x0000000002952000-memory.dmp

                                                    Filesize

                                                    328KB

                                                    Download

                                                  • memory/428-584-0x0000000000400000-0x00000000006AE000-memory.dmp

                                                    Filesize

                                                    2.7MB

                                                    Download

                                                  • memory/1684-327-0x00000234A7390000-0x00000234A7391000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1684-331-0x00000234A7420000-0x00000234A7421000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1684-332-0x00000234A7430000-0x00000234A7431000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1684-333-0x00000234A7430000-0x00000234A7431000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1684-330-0x00000234A7420000-0x00000234A7421000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1684-329-0x00000234A7390000-0x00000234A7391000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1684-318-0x000002349E7C0000-0x000002349E7D0000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download

                                                  • memory/1684-325-0x00000234A7310000-0x00000234A7311000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1684-314-0x000002349E780000-0x000002349E790000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download