80d3125138b6c91f3a279cda223de8b2e2c58381f1553da988267e06ff17312f

Resubmissions

13/12/2023, 10:13

231213-l86xpabbfl 9

13/10/2023, 09:21

231013-lbb12sgb7t 9

25/04/2023, 02:57

230425-dfyrlshh5s 9

Analysis

max time kernel
788s
max time network
1521s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 09:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Spectral_Engine.exe
Size

2.9MB
MD5

a650df649db9d55f262cb25f1dadcf2a
SHA1

70a873b7654c739b17039025b36465f30ab5946b
SHA256

80d3125138b6c91f3a279cda223de8b2e2c58381f1553da988267e06ff17312f
SHA512

6e2f59cc5c52c721266462e01dc10c1009294e2542cbf1d42b8009c103ed26b73796f535dc9b0118edd42d0f4981940e0b3b7f97478352a7b6ca2a2f6171c58b
SSDEEP

49152:Dtjp+g8vpvKQ5GktOvxRGzho1spNFDkTyOJxkTSivi322VS2QWVmSn4q8UbGpoHm:ZI5vBr5GkwJMtVBDOymkTSivIkAVvnPi

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Spectral_Engine.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Spectral_Engine.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Spectral_Engine.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Spectral_Engine.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Spectral_Engine.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Spectral_Engine.exe

Executes dropped EXE 1 IoCs

pid	Process
4040	Spectral_Engine.exe

Themida packer 62 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/4908-0-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-2-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-3-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-4-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-5-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-6-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-7-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-10-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-37-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-42-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-529-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/memory/4908-756-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp	themida
behavioral2/files/0x00090000000231e1-1029.dat	themida
behavioral2/files/0x00090000000231e1-1070.dat	themida
behavioral2/files/0x00090000000231e1-1071.dat	themida
behavioral2/memory/4040-1072-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-1074-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-1075-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-1076-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-1080-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-1081-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-1674-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-1675-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-5957-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-10069-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-13990-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-17951-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-21592-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-25913-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-29784-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-33595-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-37046-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-41117-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-44958-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-48839-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-52240-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-56291-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-60122-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-64553-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-68664-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-72585-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-76726-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-81017-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-85227-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-89479-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-93790-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-97671-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-101972-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-106333-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-110654-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-114765-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-118438-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-122739-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-126910-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-130781-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-134692-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-138913-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-142674-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-146675-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-159546-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-162490-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida
behavioral2/memory/4040-166623-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Spectral_Engine.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Spectral_Engine.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
23	checkip.dyndns.org
139	checkip.dyndns.org

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
4908	Spectral_Engine.exe
4040	Spectral_Engine.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 884916.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
4908	Spectral_Engine.exe
4908	Spectral_Engine.exe
3088	msedge.exe
3088	msedge.exe
3636	msedge.exe
3636	msedge.exe
3524	identity_helper.exe
3524	identity_helper.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
2076	msedge.exe
2076	msedge.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4908	Spectral_Engine.exe
4040	Spectral_Engine.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4908	Spectral_Engine.exe
4908	Spectral_Engine.exe
4040	Spectral_Engine.exe
4040	Spectral_Engine.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 2940	4908	Spectral_Engine.exe	94
PID 4908 wrote to memory of 2940	4908	Spectral_Engine.exe	94
PID 2940 wrote to memory of 3636	2940	cmd.exe	96
PID 2940 wrote to memory of 3636	2940	cmd.exe	96
PID 3636 wrote to memory of 3220	3636	msedge.exe	99
PID 3636 wrote to memory of 3220	3636	msedge.exe	99
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 1868	3636	msedge.exe	103
PID 3636 wrote to memory of 3088	3636	msedge.exe	102
PID 3636 wrote to memory of 3088	3636	msedge.exe	102
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104
PID 3636 wrote to memory of 2096	3636	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\Spectral_Engine.exe
"C:\Users\Admin\AppData\Local\Temp\Spectral_Engine.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://spectral.website/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://spectral.website/
    3⤵
    - Enumerates system info in registry
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa9b5446f8,0x7ffa9b544708,0x7ffa9b544718
      4⤵
      PID:3220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
      4⤵
      PID:1868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
      4⤵
      PID:2096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
      4⤵
      PID:4780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
      4⤵
      PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1
      4⤵
      PID:1728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
      4⤵
      PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 /prefetch:8
      4⤵
      PID:1164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
      4⤵
      PID:4600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
      4⤵
      PID:872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5536 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1440 /prefetch:1
      4⤵
      PID:1828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4228 /prefetch:8
      4⤵
      PID:3012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4936 /prefetch:8
      4⤵
      PID:1592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,14180074373878012721,143445106188422418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2076
  - - C:\Users\Admin\Downloads\Spectral_Engine.exe
      "C:\Users\Admin\Downloads\Spectral_Engine.exe"
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Checks whether UAC is enabled
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Spectral Engine\Settings.ini

Filesize
344B

MD5
8a33e694d90a662a2dae5771cbc5a410

SHA1
b789b1ea4c41e52f9f8449318e8a01ab39d7245d

SHA256
8e8541691c048be722ac6b1a470a9a7c02cb37ce06c8a42082982242ff734ac9

SHA512
456121796a76837f2275d7c1ed90bcbb725245b99a09658c6e38a73b43d9d139a523529eca7a94c4237e5c4831afbcd8923f35eac345e934b4ffe92240d866e7

Download Submit
C:\Spectral Engine\Settings.ini

Filesize
344B

MD5
8a33e694d90a662a2dae5771cbc5a410

SHA1
b789b1ea4c41e52f9f8449318e8a01ab39d7245d

SHA256
8e8541691c048be722ac6b1a470a9a7c02cb37ce06c8a42082982242ff734ac9

SHA512
456121796a76837f2275d7c1ed90bcbb725245b99a09658c6e38a73b43d9d139a523529eca7a94c4237e5c4831afbcd8923f35eac345e934b4ffe92240d866e7

Download Submit
C:\Spectral Engine\Textures\discord_logo.png

Filesize
3KB

MD5
27bc310eb798e8adb9fbed45a537b643

SHA1
3e47e4e6256eccfa3d428eca3ac3f093b1d685a3

SHA256
80c06bafb2a82ac544b06de5c457d15bef6ae99c36b18b566a1b285912816f05

SHA512
20a38446bff5633849b02d3a62ab82e495f1df6fecbd7094a1cedb0c20ff1921ecc8160da83007a728593275daf1493ba6ee88c08f204e22e5c0731d9fc8ccee

Download Submit
C:\Spectral Engine\Textures\discord_logo.png

Filesize
3KB

MD5
27bc310eb798e8adb9fbed45a537b643

SHA1
3e47e4e6256eccfa3d428eca3ac3f093b1d685a3

SHA256
80c06bafb2a82ac544b06de5c457d15bef6ae99c36b18b566a1b285912816f05

SHA512
20a38446bff5633849b02d3a62ab82e495f1df6fecbd7094a1cedb0c20ff1921ecc8160da83007a728593275daf1493ba6ee88c08f204e22e5c0731d9fc8ccee

Download Submit
C:\Spectral Engine\Textures\loader_background.png

Filesize
264KB

MD5
4255b2cd993b3355ca6ef3fde692910b

SHA1
ae272af753b7586dedfbb9e40c28fcf7a425e28c

SHA256
73860a2fc21db902aa2a827d26cd700d3d8681dbfbcd51ff1a9f432d7579f108

SHA512
244eef37d48f4c2213f86f79f0f0f411c2def9bff9fa442745256f0526d41246f4e517697dde837842e4af9f7d957b7ab0a9579441ef0a15a5dab7ce5c7dee29

Download Submit
C:\Spectral Engine\Textures\loader_background.png

Filesize
264KB

MD5
4255b2cd993b3355ca6ef3fde692910b

SHA1
ae272af753b7586dedfbb9e40c28fcf7a425e28c

SHA256
73860a2fc21db902aa2a827d26cd700d3d8681dbfbcd51ff1a9f432d7579f108

SHA512
244eef37d48f4c2213f86f79f0f0f411c2def9bff9fa442745256f0526d41246f4e517697dde837842e4af9f7d957b7ab0a9579441ef0a15a5dab7ce5c7dee29

Download Submit
C:\Spectral Engine\Textures\spectral_engine.png

Filesize
19KB

MD5
ff033c48106393a15e3ded4374256068

SHA1
4f7307708c6f5d8692c90f7ba65a1685c319d8bf

SHA256
c0cc02c0bbba213c21876002563bde197355e30b5d4228d92414cc3d54b77de5

SHA512
1a3629dc760fda1278ae8a83e4f62bff3831c4645d59601c639c6a77b418930a2067866d24e4650cd6fc6590000378df0dcb4ba6d2419b4b448d22de903603dd

Download Submit
C:\Spectral Engine\Textures\spectral_engine.png

Filesize
19KB

MD5
ff033c48106393a15e3ded4374256068

SHA1
4f7307708c6f5d8692c90f7ba65a1685c319d8bf

SHA256
c0cc02c0bbba213c21876002563bde197355e30b5d4228d92414cc3d54b77de5

SHA512
1a3629dc760fda1278ae8a83e4f62bff3831c4645d59601c639c6a77b418930a2067866d24e4650cd6fc6590000378df0dcb4ba6d2419b4b448d22de903603dd

Download Submit
C:\Spectral Engine\Textures\youtube_logo.png

Filesize
18KB

MD5
8170c0b0cddec975b7c2553c20c1ab7e

SHA1
1000130079a1ec889ea2d80ac69dec9a5ccf3ddb

SHA256
9fdf5a383893ac06de3369aca5c890148c421d40406a0bbdb5cdd53660b8493f

SHA512
64d16f313bce435c0071029d911b2867121ba5eaa3a8c6be310c0a862852422c9cfab8f29b59eb16619424fbb274ae59001e69123dccbb52adfebb83e3912b24

Download Submit
C:\Spectral Engine\Textures\youtube_logo.png

Filesize
18KB

MD5
8170c0b0cddec975b7c2553c20c1ab7e

SHA1
1000130079a1ec889ea2d80ac69dec9a5ccf3ddb

SHA256
9fdf5a383893ac06de3369aca5c890148c421d40406a0bbdb5cdd53660b8493f

SHA512
64d16f313bce435c0071029d911b2867121ba5eaa3a8c6be310c0a862852422c9cfab8f29b59eb16619424fbb274ae59001e69123dccbb52adfebb83e3912b24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\700A924A5A9F840ADC962A3C43B14924

Filesize
503B

MD5
ffabddb2d7c00bf24cc1bd805ce2205c

SHA1
bac771e53887fbdfc4df833baed1b1fd4b3dc367

SHA256
25251dcfd9401f8555cee1de1944b9a82be629a75d635365a31ce90d5c5589e4

SHA512
0be17c976b140b3fd1bc4537794796de327dd262a9fa3df6d8efaa6202593e319e752c8cc7c81404f72ecdc20400fdcfa1512fc1e0d6d66e916f2a4aa82d8f6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
e521614bd0d6c741f42475f70a016c36

SHA1
abe938b89bee75b1fbf38b43e30ee2e6d7de8bb1

SHA256
73ed71fa77ec5c30d856e0da9bc28d2105665ac61db0812c063db1c5ddcb9e2b

SHA512
7b82e604389f85066fcdcd1e070b7b14adfa0c07df97de4221954df64e8d948d84caff6839ba6f316af0d02a695a1b769d565fb9c25602eae7d64ffef1c3d0e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\700A924A5A9F840ADC962A3C43B14924

Filesize
548B

MD5
84417a50e4210d8f564044dee17f4f04

SHA1
377e315cc2bbfea91a7df4250d156ebf98b9de56

SHA256
b52990a42e4b245801650aa1d5b15d6d65e53123da0f1b66766fd32cdd8c5a85

SHA512
b3b7a1ea071ff7fc4e9233286a632412a8b4b8dc68a1610d38a8353b1230190eb7c5fa5e0214aaf5f73a89ac20f1eba1c84e3da9f8af9d62c8500787d92a0d8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
3cd9524ba4fbec0563e6b0b3132415c3

SHA1
b34910c5ec2d4ae6c46e0d8ae477fa5abd58770d

SHA256
0b6072f3bb779a8876305f86a8af0df38801d7da6470c6161a7df851fddba228

SHA512
dffedb8a5e534319e1b4b0969458864d9e33c30bf4f4215d3c1dde4055472f10588a23ac7ed3b7f8bc10f45b0eafa0d5eae64d4771b211bf0c79138ef67cb668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
868B

MD5
371a609a10b04ab2ea8a44449341acc5

SHA1
b3db834160b4f32e24baee792a059c06b318b47e

SHA256
3954e80bb2247e843aa1f567aefe29c870e7f48ec94b1c33e6d840f5821c2e33

SHA512
0960d371b16b8f2942474144ecc02de51624159cd4e2c41b175ce184de48f340dc09f946a104005dfb5f59d6d3dfa49e58fac701ac353c9eb417ebe9422711df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
868B

MD5
e9e336323bab143f3c1ebf993626373e

SHA1
2a47e8f66880eb00f3604ec96df18397d67d8520

SHA256
891c54d3d1980443cb432613dbaf7df56f624f6d63f1ea139337a6d0606c4eee

SHA512
3d62cda470bf7cfc4d457e6f7e1fc33fa54b6e712bdf2a7b66cee45ccc2ee63675a23b0d234417c5228e20a9b8281ad3e325309479f7ee35114aa5c93eefe7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
868B

MD5
7c21fc0ba03ffdb418c0473f197f377c

SHA1
d16e9fae746886fa57694d704c854926c08b1820

SHA256
6e7e53e38b0d53acdcd199dd323075f13cf688e732f61644176b483c6ae1ea42

SHA512
83d0da18024ada4c11656f82e3c86409cb930f6c55cd205f2e05b4154f6653c88a82fced91e43204e0a7a9a7b94bbc9067bae98255d4366deb01189f7723d212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
768e69ba122addfbd1fb74bbc84a8edb

SHA1
eb6e2c43dac288ba4b8162a1a8adf12e7091c81b

SHA256
1fade0d69e9c58c3464e955100ad57c7aa145da8355227a03cb4cd8bdcefefbc

SHA512
29c5d3196bde79548954b51fbaf07df6946588843539ab5c436d122fe2885315d18d44c0b4c85746b2193f3d6f74bb068546bec7088bcdfbd7e79c04190ac49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b3b89062ac29db8eabeb149c993f1777

SHA1
774bbdc9951a5b6e1eaccc68bff0bc1daa077c50

SHA256
13ecd2f62795298d26bf40d3064e326320fb92966ca982408a6a2bc5894fc1e4

SHA512
d961f6257d2eff8322bb8426711ef723ced70ca38d36023ba2de492293b7a7efab1d8282b8df5efad6ac123183192524d54bea4b986eefe1d48308f4563f9be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
acfe3f407b2cb0bd0ecc2014c57ba1b5

SHA1
408fa04e458793591bfa3e15926daa9defa16168

SHA256
5407d8486613e9caa2c2f52f4b15ec2b5c15564bd2b6c560d2784c3950023c9e

SHA512
c7668b60c8e46cd260ec52895b3c6bd954b36320f64db6fd2d74909ba55a7ca0442d26c4e4dd344a67d77293ad18324da5b49e51e7d92fda4ede17895fbc4876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bb272aa0ec814a9beb6cf05bd89e575

SHA1
41cc22e335e2983ce2903af8689a59e5cffd815d

SHA256
6c3160a3ce4de968f5c024713c5774a924fb436f90168d66b754b15695efb183

SHA512
1c2aac17ae596c2d678c565f19a1bde061fb1cd11daba28774ef7ad4ec6aae2641af72b816273ec60fffe5654c64af139d8142459653613bb2ee158656f39986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ee3c0b7aa80aa3ca20455b24b185675

SHA1
5675e2216b4912c515f70afcf879b38f11bf5a2b

SHA256
3f7ece03bc98aabc6ab3ac9f64db509266b40a60a624f226e53d421fa1ae57a7

SHA512
3b9d311157b6ada27d8d07d100e29ad8bc80210d17c77134ae0a8caaff9efbd83476222d7335af5025709da2e7d95521cf06249dc39d72fd7e3b6f4cfd087032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bc307301d1c9dde63d0d30b0c867834

SHA1
6c44c3c0a840515543f69c2c026ef4e40cadb77e

SHA256
c269cb979bff6fc05014006fb9b64efe8f9b25df7e59c0c5d614b0cf51366e09

SHA512
4a5b54fb33cf0612cc9d3a5e7baa5e0ac1cc17560e4cca6de2ec9e2e130beabfa65d952002b4907d7bddfa85bed36f971736b6f79d6d0f8e532e8a0b45e941da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
15ad31a14e9a92d2937174141e80c28d

SHA1
b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

SHA256
bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

SHA512
ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48972a9e3af3d00aad80f25cf53d85cc

SHA1
bf6bc356afa01b2ad67cd2922cb47b356e57fec4

SHA256
736e668225050431e44ba6a1e503f1167b6eff3dc2f1ef863aa153bbafea80df

SHA512
32bebc60a79d820932bccaeb1de3b128035f0517307afc9bb6c505c96f7e6a8aa4540516e1f3d0c56150594b20b99027bec5f928afac0b4d678d4e5ab1c57b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21cd65d124c56da5523fd39e60629eb4

SHA1
17db60a617b0666b936d6e5189465a60231e4649

SHA256
8ded72b5e54a56d4c3f3b060cdf629e160e9b52c662685360eedeb72ece04605

SHA512
2e941ba337038febefa22d5918a2a5c168ab9f3e3b9c3151cc369caf00ebf616cb9f39aa8a95ee0f7e0aaf3ef228216e82ba4b664f295dd1ea6f4cc6ac5f808f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e230727a6cfeeac873c8c1816b8141c8

SHA1
0f66a63ea786a66ac0deac4901cef156cf8e0363

SHA256
076636d224b61cdf0df59896d14a0b62eeb1013c770d26c622b199f10a5d649c

SHA512
f6bafaab9b9f85dc1be0fc3e4a62d3f9d3921863e40777da8e17ad2832bf1a454ab0db63b4006ee24bd2c0ac5ddc9b1f8cc1803cf8060d1b7ef41781ad5295e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eabbdf730eafcdca8196a1c74129ec92

SHA1
b3cabca2e22b3acbf0c92824c5fe6100b6c09182

SHA256
1d1383117a9394f709f356ce325541be24ef083ec4044249c7ef574bec2f0f0d

SHA512
7512e74366c26f69341b1802de89b8e1ccd58cccb8960491836797ed5302cc5e0748a925fa7547a1cd8582fac5cd519dd51aae1441e38d1192b9c6422022ea18

Download Submit
C:\Users\Admin\Downloads\Spectral_Engine.exe

Filesize
2.9MB

MD5
c8d54510d65f293e077f8741670904ab

SHA1
eedb22f84bc6b59567aaed27065296d9f923b5e2

SHA256
129768c0648d52603a5049d09c1b2875aed3b1e4bb56615bcfeda3bdc9569adb

SHA512
9177f22ee1223ee18a03ffaf87885a050eedc56414bcf65a85d174a84093c305d893d2df48bb846b4f4f457f0dc48ff95dd51219a5de6155af780d9cad1004bc

Download Submit
C:\Users\Admin\Downloads\Spectral_Engine.exe

Filesize
2.9MB

MD5
c8d54510d65f293e077f8741670904ab

SHA1
eedb22f84bc6b59567aaed27065296d9f923b5e2

SHA256
129768c0648d52603a5049d09c1b2875aed3b1e4bb56615bcfeda3bdc9569adb

SHA512
9177f22ee1223ee18a03ffaf87885a050eedc56414bcf65a85d174a84093c305d893d2df48bb846b4f4f457f0dc48ff95dd51219a5de6155af780d9cad1004bc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 884916.crdownload

Filesize
2.9MB

MD5
c8d54510d65f293e077f8741670904ab

SHA1
eedb22f84bc6b59567aaed27065296d9f923b5e2

SHA256
129768c0648d52603a5049d09c1b2875aed3b1e4bb56615bcfeda3bdc9569adb

SHA512
9177f22ee1223ee18a03ffaf87885a050eedc56414bcf65a85d174a84093c305d893d2df48bb846b4f4f457f0dc48ff95dd51219a5de6155af780d9cad1004bc

Download Submit
memory/4040-1080-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-101972-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-166624-0x00007FFABA290000-0x00007FFABA485000-memory.dmp

Filesize
2.0MB

Download
memory/4040-166623-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-162490-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-159546-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-146675-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-142674-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-1072-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-1073-0x00007FFABA290000-0x00007FFABA485000-memory.dmp

Filesize
2.0MB

Download
memory/4040-1074-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-1075-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-1076-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-138913-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-1081-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-134692-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-130781-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-126910-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-122739-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-118438-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-114765-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-110654-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-1674-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-1675-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-2316-0x00007FFABA290000-0x00007FFABA485000-memory.dmp

Filesize
2.0MB

Download
memory/4040-5957-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-10069-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-13990-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-17951-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-21592-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-25913-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-29784-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-33595-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-37046-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-41117-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-44958-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-48839-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-52240-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-56291-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-60122-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-64553-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-68664-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-72585-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-76726-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-81017-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-85227-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-89479-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-93790-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-97671-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4040-106333-0x00007FF6B0510000-0x00007FF6B0C8E000-memory.dmp

Filesize
7.5MB

Download
memory/4908-6-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-10-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-2-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-3-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-4-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-5-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-1-0x00007FFABA290000-0x00007FFABA485000-memory.dmp

Filesize
2.0MB

Download
memory/4908-0-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-757-0x00007FFABA290000-0x00007FFABA485000-memory.dmp

Filesize
2.0MB

Download
memory/4908-9-0x00007FFABA290000-0x00007FFABA485000-memory.dmp

Filesize
2.0MB

Download
memory/4908-7-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-37-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-42-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-529-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download
memory/4908-756-0x00007FF7BBE10000-0x00007FF7BC5C3000-memory.dmp

Filesize
7.7MB

Download