laplas | 9484a44f677fc8ebd6dbbb9480dc039f3e799ca9f2381c580e1e3914b2b919f7

Analysis

max time kernel
63s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
01-04-2023 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PC-Set-UP_SOFT.exe
Size

730.0MB
MD5

06c4093950b292b57084643fdbef20d8
SHA1

e9cfc6ef108e0e6ab1f33060a92bf91debd03bce
SHA256

9484a44f677fc8ebd6dbbb9480dc039f3e799ca9f2381c580e1e3914b2b919f7
SHA512

9b2d8b257982fc745fa8b5e906844ab54a66daf66f03f6482cec3fa584657270fd285ab15b6c9df19e44c29e52c7939c4d50e4de5683e9da0f6e886ce3eb389d
SSDEEP

196608:Dqkq7xWxHjSwvcWgSNXqAK/9CHeB5DiWSzvkICfH8HryeuqKI:dxDSJQolfnDiW66cHzh

Score

10^/10

laplas raccoon f49765d62e02586d0fe162b5d3a934ad clipper discovery persistence spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

f49765d62e02586d0fe162b5d3a934ad

http://5.75.159.229/

http://212.113.119.153/

http://78.153.130.123/

http://212.113.119.35/

rc4.plain

Extracted

Family

laplas

http://212.113.106.172

Attributes

api_key
a8f23fb9332db9a7947580ee498822bfe375b57ad7eb47370c7209509050c298

Signatures

Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
stealer clipper laplas
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	PC-Set-UP_SOFT.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	7Is9u008.exe

Executes dropped EXE 4 IoCs

pid	Process
1240	077Kt1g1.exe
3080	xpOi5Ll8.exe
5100	7Is9u008.exe
3676	svcservice.exe

Loads dropped DLL 3 IoCs

pid	Process
4160	PC-Set-UP_SOFT.exe
4160	PC-Set-UP_SOFT.exe
4160	PC-Set-UP_SOFT.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\telemetry = "C:\\Users\\Admin\\AppData\\Roaming\\telemetry\\svcservice.exe"	7Is9u008.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1240 set thread context of 4992	1240	077Kt1g1.exe	95

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2200	1240	WerFault.exe	93
1208	4992	WerFault.exe	95

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	PC-Set-UP_SOFT.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	PC-Set-UP_SOFT.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	PC-Set-UP_SOFT.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	PC-Set-UP_SOFT.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	PC-Set-UP_SOFT.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4160	PC-Set-UP_SOFT.exe
4160	PC-Set-UP_SOFT.exe
5100	7Is9u008.exe
5100	7Is9u008.exe
5100	7Is9u008.exe
5100	7Is9u008.exe
3676	svcservice.exe
3676	svcservice.exe
3676	svcservice.exe
3676	svcservice.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3080	xpOi5Ll8.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 1240	4160	PC-Set-UP_SOFT.exe	93
PID 4160 wrote to memory of 1240	4160	PC-Set-UP_SOFT.exe	93
PID 4160 wrote to memory of 1240	4160	PC-Set-UP_SOFT.exe	93
PID 1240 wrote to memory of 4992	1240	077Kt1g1.exe	95
PID 1240 wrote to memory of 4992	1240	077Kt1g1.exe	95
PID 1240 wrote to memory of 4992	1240	077Kt1g1.exe	95
PID 1240 wrote to memory of 4992	1240	077Kt1g1.exe	95
PID 1240 wrote to memory of 4992	1240	077Kt1g1.exe	95
PID 4160 wrote to memory of 3080	4160	PC-Set-UP_SOFT.exe	98
PID 4160 wrote to memory of 3080	4160	PC-Set-UP_SOFT.exe	98
PID 4160 wrote to memory of 3080	4160	PC-Set-UP_SOFT.exe	98
PID 4160 wrote to memory of 5100	4160	PC-Set-UP_SOFT.exe	101
PID 4160 wrote to memory of 5100	4160	PC-Set-UP_SOFT.exe	101
PID 4160 wrote to memory of 5100	4160	PC-Set-UP_SOFT.exe	101
PID 3080 wrote to memory of 4808	3080	xpOi5Ll8.exe	103
PID 3080 wrote to memory of 4808	3080	xpOi5Ll8.exe	103
PID 5100 wrote to memory of 3676	5100	7Is9u008.exe	102
PID 5100 wrote to memory of 3676	5100	7Is9u008.exe	102
PID 5100 wrote to memory of 3676	5100	7Is9u008.exe	102
PID 4808 wrote to memory of 4232	4808	msedge.exe	104
PID 4808 wrote to memory of 4232	4808	msedge.exe	104
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1228	4808	msedge.exe	105
PID 4808 wrote to memory of 1604	4808	msedge.exe	106
PID 4808 wrote to memory of 1604	4808	msedge.exe	106

C:\Users\Admin\AppData\Local\Temp\PC-Set-UP_SOFT.exe
"C:\Users\Admin\AppData\Local\Temp\PC-Set-UP_SOFT.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Users\Admin\AppData\LocalLow\077Kt1g1.exe
  "C:\Users\Admin\AppData\LocalLow\077Kt1g1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1240
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
    3⤵
    PID:4992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 1084
      4⤵
      Program crash
      PID:1208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 340
    3⤵
    - Program crash
    PID:2200
- C:\Users\Admin\AppData\Roaming\xpOi5Ll8.exe
  "C:\Users\Admin\AppData\Roaming\xpOi5Ll8.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/alxhlILI#hZ7PSegQ73pZinlqDi3_fdSbyn1s0irbAj6TPTlFRPY
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8b11e46f8,0x7ff8b11e4708,0x7ff8b11e4718
      4⤵
      PID:4232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      4⤵
      PID:1228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
      4⤵
      PID:1604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
      4⤵
      PID:1760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
      4⤵
      PID:3736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
      4⤵
      PID:3040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
      4⤵
      PID:1192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
      4⤵
      PID:4708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
      4⤵
      PID:2896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
      4⤵
      PID:2568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
      4⤵
      PID:3036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      PID:2576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff651285460,0x7ff651285470,0x7ff651285480
        5⤵
        
        PID:244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5500840090061779624,5852195616792844596,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
      4⤵
      PID:4692
- C:\Users\Admin\AppData\Roaming\7Is9u008.exe
  "C:\Users\Admin\AppData\Roaming\7Is9u008.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5100
- - C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe
    "C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1240 -ip 1240
1⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 4992 -ip 4992
1⤵
PID:796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa399d855 /state1:0x41c64e6d
1⤵
PID:3336

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\077Kt1g1.exe

Filesize
258KB

MD5
041b96460a5646b883436e0b327829eb

SHA1
52cff10434f104bda83a988f34c6206563d458b5

SHA256
831de4f721d72790aa397a9f8ad7b02eaf86b4d522748452922260b0b2127d92

SHA512
1182b0eaac12030b3a90e701ba0c1973bcbbeec0283341a84980648bcab23d4a8bc4bddb49197783d5ca0adb6f236ee7e46ea22e640b8f6cd74487dc3aac96ba

Download Submit
C:\Users\Admin\AppData\LocalLow\077Kt1g1.exe

Filesize
258KB

MD5
041b96460a5646b883436e0b327829eb

SHA1
52cff10434f104bda83a988f34c6206563d458b5

SHA256
831de4f721d72790aa397a9f8ad7b02eaf86b4d522748452922260b0b2127d92

SHA512
1182b0eaac12030b3a90e701ba0c1973bcbbeec0283341a84980648bcab23d4a8bc4bddb49197783d5ca0adb6f236ee7e46ea22e640b8f6cd74487dc3aac96ba

Download Submit
C:\Users\Admin\AppData\LocalLow\077Kt1g1.exe

Filesize
258KB

MD5
041b96460a5646b883436e0b327829eb

SHA1
52cff10434f104bda83a988f34c6206563d458b5

SHA256
831de4f721d72790aa397a9f8ad7b02eaf86b4d522748452922260b0b2127d92

SHA512
1182b0eaac12030b3a90e701ba0c1973bcbbeec0283341a84980648bcab23d4a8bc4bddb49197783d5ca0adb6f236ee7e46ea22e640b8f6cd74487dc3aac96ba

Download Submit
C:\Users\Admin\AppData\LocalLow\mozglue.dll

Filesize
612KB

MD5
f07d9977430e762b563eaadc2b94bbfa

SHA1
da0a05b2b8d269fb73558dfcf0ed5c167f6d3877

SHA256
4191faf7e5eb105a0f4c5c6ed3e9e9c71014e8aa39bbee313bc92d1411e9e862

SHA512
6afd512e4099643bba3fc7700dd72744156b78b7bda10263ba1f8571d1e282133a433215a9222a7799f9824f244a2bc80c2816a62de1497017a4b26d562b7eaf

Download Submit
C:\Users\Admin\AppData\LocalLow\nss3.dll

Filesize
1.9MB

MD5
f67d08e8c02574cbc2f1122c53bfb976

SHA1
6522992957e7e4d074947cad63189f308a80fcf2

SHA256
c65b7afb05ee2b2687e6280594019068c3d3829182dfe8604ce4adf2116cc46e

SHA512
2e9d0a211d2b085514f181852fae6e7ca6aed4d29f396348bedb59c556e39621810a9a74671566a49e126ec73a60d0f781fa9085eb407df1eefd942c18853be5

Download Submit
C:\Users\Admin\AppData\LocalLow\sqlite3.dll

Filesize
1.0MB

MD5
dbf4f8dcefb8056dc6bae4b67ff810ce

SHA1
bbac1dd8a07c6069415c04b62747d794736d0689

SHA256
47b64311719000fa8c432165a0fdcdfed735d5b54977b052de915b1cbbbf9d68

SHA512
b572ca2f2e4a5cc93e4fcc7a18c0ae6df888aa4c55bc7da591e316927a4b5cfcbdda6e60018950be891ff3b26f470cc5cce34d217c2d35074322ab84c32a25d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
4b1e8eb7382a48f9e0e6a0ff90ed86fa

SHA1
7908ad3419499099c6d62b46fb5848801ed2421e

SHA256
f960255c7402f8d0dec8f6bc42d65ca42dd9519cee1c36fc5f83d8cce32fc713

SHA512
ddb1ddabd825b7f7761b7e4c335436c88138198c7c615bf02294389331776b6f93323ac10de404ecd82498fde9eb1355b504d6f3b7ab9dcec3744e603b8bc86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d13f78944a270eb3870c9a5daa438d66

SHA1
15cf88ca3c39d7d7a975c9535dbdde2eec002672

SHA256
9faa6c30e2a204a6329266da2ed0479a2ae51e2f9cf584fdea54c7a837307007

SHA512
3b5842609765524f2b408c380976f6a388dfa15604bf275c2e4053f0c9e2d8d74ae22b0a91dd583c63bd59028917596ee177719dfb4a1d7f61501d7eac8ada60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
5fc1a5985b7dd25230444ac95a45fd3b

SHA1
684fcea0624a34db1934eebed35bffdb555edd8c

SHA256
9069d090a26014fd104396196de6e431af9202dd5a779bc42a60c41b609b3395

SHA512
dabf2285c98a115df545f94fcd3a64fff2135a4138fd2de2d9cb9e654fa0ec93558665f0ea03a5e8535c32ba9af58d8fd76d6b1a5b602495ae42adee4ef12ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
03da8e9f1c34251a6a9fc171f9972a58

SHA1
4817ec312c6bd1ce48635f652f4ea8d70a190987

SHA256
08bfcc15479ee1cf404d6d0c9aa3a5a1eba16288f4e432b56b66861d88052451

SHA512
d8df733d82c529cf321cb5ac9db4216b32b6b6904201207600fec3fcd26c92e550520335e02ff423747d3772ab672ad95528f8bc4a15bd70abf6421d6e0ac727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbc41c8917b09ca89b7f36531b4e7465

SHA1
40223820e9f0c525139c6f35b96531d92ae9d332

SHA256
51971fb96f693fd123e8a60422f1c60b10dea2d18ee2fc97f30878889a7f06a6

SHA512
f5a3d4351c958e5524904526707e3a366ac099096a7eaf568ea4d966ef98cce22502e370a74e2c07512fe0f9f06935c5b82307ba96cc43dab8abde3d6493be6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
2e2914b563a4d191a441bbcb54d98c8b

SHA1
fd88f40cec165e8703011a05f66bcdfe6de3faa5

SHA256
5da1a66308f0e9e74c80a7d6e94b63f6bda7e572627989bc1566cd5a1a603c9f

SHA512
229662cd977b58dfd3afda3e88e904db1ff872eb56b8f3de27fd7882b3513b3fbd749feab5114f5fba0d9a4e0bdb7eed1894a2048b448da929dbe9c5db628449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8172b5181c26579d849f7554e57737f7

SHA1
687cb6b4164eb463d2c0f64c01cf5afbab28062e

SHA256
e3f29722c86dfbe55527b8bf33d9ed3ca332c5422d2c6fad4bf817b0fa7b75f3

SHA512
ca279ca2a4cd84166101d57a2ea6f78569ff11476356a3b1d01a99e804c0a18b410b673c78de4e87648c21845dab3afa632a8b56bcb27cb4df1a77a19a46bd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
708757dd55d48035047f507a4dc17bc3

SHA1
e0963b2cd6e056f6e3ee6e4202a5fb9d606f5c44

SHA256
0343a206aa6f1395a98d13fe06ba334b386c36f63480010f4b937f7928564834

SHA512
103b2de25081de6f1c082218fa0d891ceec11b937a62ac6be4ae6269ddfc94e7762ea9decb03a4e112aedf65af34dc527eafb030a0a7790134ad520bc963de8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
299ec3c6ffffa9f43dd79e9ce27a747c

SHA1
cf5184b83ba1662febc0ca997e3b5888cd9e6177

SHA256
8fe88092c8329e61106f2b370d188a4591a605fc0037362ca7e1d73990c8173d

SHA512
90e202f2b26cb74864a812a5663542bc5095892c0d2290e84692baba535dd5605426851e69043c718271339b74694f34a6e9376f7732414ccaef9f8d54f5d292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
28c951247175ab5a0d8176613bf5695d

SHA1
29389e0d4553a7ac19c174e116b1b5ac25490f72

SHA256
c7a6678b08fe57876333c244653c7bd0e5de8befa137d606266c5948d240cb4c

SHA512
e4161328c36072e0fcc6ac1f8ac6ad4ec72b532ccadcd50ec74246e712e2138b7e248dde70d5fd66eeb3fd33b2d09e6f1ad9886d4392ad6539d3a4930cf13a52

Download Submit
C:\Users\Admin\AppData\Roaming\7Is9u008.exe

Filesize
5.8MB

MD5
e7a69210f26c7944b6e267d0d73af320

SHA1
cc03fe693690e4f45a7cca31782292f69e505801

SHA256
64b965beccd214a869629c202905642aec12eb0814bd773c264f845cb7a211e2

SHA512
44345416a657e5612fe6af6d6203f25e5bb501862f83c0a688b8fbab0cdd4929b309e32fa6770fe18a47bf62d91688fc761761d0f457e37bbc11abe16adace07

Download Submit
C:\Users\Admin\AppData\Roaming\7Is9u008.exe

Filesize
5.8MB

MD5
e7a69210f26c7944b6e267d0d73af320

SHA1
cc03fe693690e4f45a7cca31782292f69e505801

SHA256
64b965beccd214a869629c202905642aec12eb0814bd773c264f845cb7a211e2

SHA512
44345416a657e5612fe6af6d6203f25e5bb501862f83c0a688b8fbab0cdd4929b309e32fa6770fe18a47bf62d91688fc761761d0f457e37bbc11abe16adace07

Download Submit
C:\Users\Admin\AppData\Roaming\7Is9u008.exe

Filesize
5.8MB

MD5
e7a69210f26c7944b6e267d0d73af320

SHA1
cc03fe693690e4f45a7cca31782292f69e505801

SHA256
64b965beccd214a869629c202905642aec12eb0814bd773c264f845cb7a211e2

SHA512
44345416a657e5612fe6af6d6203f25e5bb501862f83c0a688b8fbab0cdd4929b309e32fa6770fe18a47bf62d91688fc761761d0f457e37bbc11abe16adace07

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
8d8cba4a3b1212928dfe71532998f127

SHA1
0536db7f8aca5a55eadddcd20308d01404435a71

SHA256
20361fe81f69e06b5c866c91faa53ca403ea3bd58fd202f8cc7d35ab83b840f5

SHA512
20b764b549f63ee8a16e47bf3e877cb85db6f4e16088a9f65be71c5ed309bcf6be9f1bdd0329b698657635245d1146173087ff8e64aaf02eef3609ab40f3a6da

Download Submit
C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe

Filesize
365.6MB

MD5
aece5f3c84a93d2b439e8f7656f49b88

SHA1
07d4fe0a212f8ede5446122fd1181a0a6eb1d391

SHA256
815f707fb068b2f7a351fde75c71d73971428263eaf066d7ed9e98c7caf33f64

SHA512
1a5ba10d441dbafb436d9359ec03ecbdbc91733cbbef3f4c3fb925cbd6e43d91dabbb8dc68878b8b97ffa5d2289de0529153a15733b1770df01b58dbe8811ca5

Download Submit
C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe

Filesize
364.0MB

MD5
588bde11947bcfbbf11c8cd082a125a6

SHA1
fba749cc31e1bd92d532d77a3e6f8b9d366c02eb

SHA256
3c296c5734d6b3f04424774d9c98685cca3250aab909388926b5b5853d36d504

SHA512
e2e1f9404cd5935fef9c25d554541c11d18a22e8ff6373ff366150af28327ecd4415529f131580a215a6765b3c9cd3a06229b8d6278126c4cf50a3765ff59467

Download Submit
C:\Users\Admin\AppData\Roaming\xpOi5Ll8.exe

Filesize
52KB

MD5
13e943e4a218b36c30fcc7fe865d5d93

SHA1
9fb188959cc18b754db75a50240973abe05d1635

SHA256
3fd21096eba51f31191f95a3771c54274748666f101868a5b061847f0853cdb4

SHA512
c3d646f145f7044d37fbd7eaecba508eb8d54be4741216c9d75e43f44c0370dcc67d05566e9772519f44c1c34e3bda77466e7a12ce0cd6b00e7e895ec5d6241f

Download Submit
C:\Users\Admin\AppData\Roaming\xpOi5Ll8.exe

Filesize
52KB

MD5
13e943e4a218b36c30fcc7fe865d5d93

SHA1
9fb188959cc18b754db75a50240973abe05d1635

SHA256
3fd21096eba51f31191f95a3771c54274748666f101868a5b061847f0853cdb4

SHA512
c3d646f145f7044d37fbd7eaecba508eb8d54be4741216c9d75e43f44c0370dcc67d05566e9772519f44c1c34e3bda77466e7a12ce0cd6b00e7e895ec5d6241f

Download Submit
C:\Users\Admin\AppData\Roaming\xpOi5Ll8.exe

Filesize
52KB

MD5
13e943e4a218b36c30fcc7fe865d5d93

SHA1
9fb188959cc18b754db75a50240973abe05d1635

SHA256
3fd21096eba51f31191f95a3771c54274748666f101868a5b061847f0853cdb4

SHA512
c3d646f145f7044d37fbd7eaecba508eb8d54be4741216c9d75e43f44c0370dcc67d05566e9772519f44c1c34e3bda77466e7a12ce0cd6b00e7e895ec5d6241f

Download Submit
memory/3080-233-0x00000000007A0000-0x00000000007B4000-memory.dmp

Filesize
80KB

Download
memory/3080-235-0x00000000050D0000-0x0000000005162000-memory.dmp

Filesize
584KB

Download
memory/3080-260-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/3080-259-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/3080-253-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/3080-240-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/3080-234-0x0000000005680000-0x0000000005C24000-memory.dmp

Filesize
5.6MB

Download
memory/3080-236-0x0000000005040000-0x000000000504A000-memory.dmp

Filesize
40KB

Download
memory/3676-274-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/3676-275-0x0000000000400000-0x0000000000D10000-memory.dmp

Filesize
9.1MB

Download
memory/4160-134-0x0000000000400000-0x0000000001518000-memory.dmp

Filesize
17.1MB

Download
memory/4160-190-0x0000000061E00000-0x0000000061EF1000-memory.dmp

Filesize
964KB

Download
memory/4160-133-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/4992-239-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

Filesize
64KB

Download
memory/4992-237-0x0000000007DE0000-0x0000000007E46000-memory.dmp

Filesize
408KB

Download
memory/4992-238-0x00000000089E0000-0x0000000008AE2000-memory.dmp

Filesize
1.0MB

Download
memory/4992-217-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/5100-254-0x0000000000E20000-0x0000000000E21000-memory.dmp

Filesize
4KB

Download
memory/5100-255-0x0000000000400000-0x0000000000D10000-memory.dmp

Filesize
9.1MB

Download