74ca0e628c79d64b8801b16abef652a0144011750b04b733a7493e6592445ab7

Analysis

max time kernel
80s
max time network
81s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11-03-2024 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lightroom_Set-Up.exe
Size

3.0MB
MD5

b08acb09d628deefc3661d53879024cc
SHA1

2bf63fe0a9d80f005761c50818c16db6b6127402
SHA256

74ca0e628c79d64b8801b16abef652a0144011750b04b733a7493e6592445ab7
SHA512

0dcdf411a35bee983b11d6450a377650a4f4802eac74b31556118f7792ca53202388b4bef35199e447e2f3a3af94ccb9f47ed268d3ce901fce36d44d91f283b5
SSDEEP

49152:PZnCRw3438x0TVDKNxOafuUYUc9no2IWkAyf1CQ+v5XxCv6Px2i:PARw3UJKHOa/Xffs0S52i

Score

10^/10

adobe phishing upx

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2652-0-0x0000000000BA0000-0x0000000001565000-memory.dmp	upx
behavioral1/memory/2652-259-0x0000000000BA0000-0x0000000001565000-memory.dmp	upx
behavioral1/memory/2652-341-0x0000000000BA0000-0x0000000001565000-memory.dmp	upx

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Lightroom_Set-Up.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Lightroom_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Lightroom_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Lightroom_Set-Up.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

Lightroom_Set-Up.exemsedgewebview2.exemsedgewebview2.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Lightroom_Set-Up.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Lightroom_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Lightroom_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Lightroom_Set-Up.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

Lightroom_Set-Up.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Lightroom_Set-Up.exe = "11001"	Lightroom_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Lightroom_Set-Up.exe

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Lightroom_Set-Up.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\Certificates\686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB	Lightroom_Set-Up.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\Certificates\686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB\Blob = 030000000100000014000000686df0a4a89f7cb6bfb4d33c6a48e2ee5fb6c4fb2000000001000000c3050000308205bf308203a7a003020102020401cfbd1c300d06092a864886f70d01010d050030818e310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793124302206035504030c1b41646f626520496e7465726d6564696174652043412031302d3139301e170d3233303830373135313132375a170d3330303830353135313132355a308191310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793127302506035504030c1e41646f626520436f6e74656e742043657274696669636174652031302d3830820222300d06092a864886f70d01010105000382020f003082020a0282020100d119f9b8d2d41d892abf9f1f3cd1f947141b9867e9be6d96e479c74c87e42f61f5b927bccb7caebe27b26465b8e2f1118c2041980b88d7f559b8f9d041110e19f29ce5033fe9b8184d47982257e97d1b62744521bc329a7861a2376eeb8f3248eb031a7b43b1f22174fcc3c642033770137cad8329b240970127edd3030d9a69af242fc7405b5867d0f5950bb0b79f702e84180ee43ca21f46adce07ad014f5cfd7be25e735eb0431889bcce40a4e94791fca5a65da24838d189b85218c9961eb1bce8db4cb2ffc7a2c3419788e68098350cacc6aa61dfb3d8476454927f9ab767037a84ed4e39862b3f386a065b169403259617150679e34af188035d8bebd9f4f22544cbf81f0d0516799d39a17a56c12e5c151945d65084367647c6f6a78ade46f7bcc0b8aca7d8abfe3eb34ab2d1fb7800a98da86c8da956b267e309634d55ff7f6570f9b926bd602d4a94e77c662d1479c576b972d87bb35ea634b5f676774d40e04a0a908948c269c7dc71778ed5d15d9b8f4519ee858bc273a49afc7a206afd97286716b832e64154a074305d7bbcb7f2205017d1ed5ca6e42edc6d35fabc88dd188028b15e5aa5296e12c03486a80a6e3cb0c001e4742b1edf02fa70c2ebdcbec606480054fc467729e99d1eb80bee04b36fb17c722068079146fde54b06c3ec5c4bafaf113d2000ef36aebe8454560e81d0cf982a798bae3c39cd430203010001a320301e300e0603551d0f0101ff040403020780300c0603551d130101ff04023000300d06092a864886f70d01010d050003820201006bf0137ee63d74f0df4ee19376625ac33574898a025b764e9bd69f8c7d9fa1c7f9b58f0355f206cab84927d626275a8fd0d1c6a3b9a7811b361a68523ad86199ec1188922ce525246bfef1b4dd23eb5b8ee0894d4495ceb1c0f27bca3812c7c02432f9a693c7a331c53162a76c687c0ff60b31389a0e11f9da1fd8ceae91ff671222083643e0a7c0b97f170ab051856ab58c8b3278d16753cfaac05cec9a08c0fcc2e993aaea79225d70e9ec8bfb53c93be8915b2026a35bf05d3c9e5e417fabc5648d9fd8f153e8787f1e3cdd637fe2abd8c8a5d1c9171c342e588a77ff2739dc6b88c79dc933dedf535c496ba652a184b6b65b831aa7706251494108d58f8565624e37a343696f2e42c029333dab8b1a9e34bda64b58546906e9bd3f0d67f3cb830e8b6bf3b01f653c938da93b53a6878a14fe75550b546d580fa40f0e6e6fac25113513f48c9fc79b27689b906afd59d11abbdf4fde466d2a93431606db3938d9e9f7505d1a0cd91e4f116a2f3e1837ba0c1ab0cc74724916a65d9b2c09b00eef96bda7156f789449923371b5aac2a6728b0b3e71ac656ebc820bad65977cebaf56611c8d322c78af95c5dc1c2e56d95eca6efb5664010860dd6c82faf60a9cd493eecc6b013449633928d96bb0d38f28f838564db989958ecfd5325fa51f8ec4148545c5a94705beb7200b427f978959cc7a031fe58f7e2f42ad48e3bb82	Lightroom_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\Certificates\85E2C5B0D9CFF505363FA62A5E8B8C1D76A60B46	Lightroom_Set-Up.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\Certificates\85E2C5B0D9CFF505363FA62A5E8B8C1D76A60B46\Blob = 03000000010000001400000085e2c5b0d9cff505363fa62a5e8b8c1d76a60b462000000001000000bc050000308205b8308203a0a003020102020426c66cd0300d06092a864886f70d01010d0500308185310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f6779311b301906035504030c1241646f626520526f6f742043412031302d333020170d3138303831373137333831395a180f32303638303830343137333831395a30818e310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793124302206035504030c1b41646f626520496e7465726d6564696174652043412031302d313930820222300d06092a864886f70d01010105000382020f003082020a0282020100b533b875034a0e7563110700e026d838b4ed1369ee54d6db09ebf764a4778ef8a7dc7dfba9386a78e61be8ff8722d2ca1535cc02c111f9fae54fdc09698d22d9d936b3133aab757b596a1c093cf3559f351d3f10dc44fb0f9787e1f685e83dc775c74d0e563f1509071a1d4bcd919d0b9ebaf925867a85e7e5b9b13040760dfbe2a9bd70e028963dd69631e9cf2f5ca3a6634ac8bfe2dae5cde9df35e935b4f88a17fc78786052badf6e5a378e34a16d16ec7eeb69bf0917fd7210ae129ae2b5f3473e28ea73e25e81176229f0ad99b74069cf6c30413ab85d86f7fec519e01806a928cf2e5ea9c9aae9f57a60401e76313fd017bbe23541b455da6c7d49e39f6b451a67ea2160056781067c489526d297410ac05e87fbeca66d75bda1eaeec9652891598957f4c19fb53ec491b1d600d1ad75d7c164d613ba6ce275682f44399515c247d11d72dc440fd800225a13ae8d16494eaa9f1f82120d2f51243683d2aa62cdcf5be075720b7d566eadb5e46ee3299b43296a49bf3fbe2e672e72e42e7918e608466028de4f215cd362cfd921200ff946168717d09af99095950812f5a4de4073e2c5697a318b9eb51a585a36e74dbd8fb7277c8aeb7ddd42ffbeb32c181f9edaddc1480b95f16e7ea37d0dab3f2f5009d570aa4624b66a7017c75f1caa7c544e15def0c6e6cf6a4f26312b68f633b7a5a4203c97e77a32141e7cf4970203010001a3233021300e0603551d0f0101ff040403020204300f0603551d130101ff040530030101ff300d06092a864886f70d01010d050003820201005bd66c82ca184490136b886ef3b5f5b6866768c8cfd13f701025aeb8dc8b7b4539c071032663327f1b55d773e062ea01551038bc12895b4a760a23ec0ef1e24c1d25649b12dad880b576a952ba1f9d1ed0c5bdf45e8a9f9465c091e22ff7165912fba642b3e2979897339ab2ae511615d3e20b27e3e60e13fe188c7c7119f14029ccfaf1e9fef5c7e53ce1c0d1cfcb8507131c446af5b7f67b701e1ee4151cadd14048737cf0ec86f8964d75b8509bf07a984441641622568d5ea1b9124101db76c578bee86acdb651a90b5c3abdab541f3a41e82cbfc0d30319e1975924540a71e8d1a3603caade3cefcf0b362b62fa09efe97827276b0b79f58553136c89aa72a9f3f7fdaa87e5789978abe6af28c04f7d673954594329ace012159c5ee6b2cb43b55f507e0e0f68233e8a3c6fe13a2cb23b4f38ddecaeae21e99bd6e152793ad59b8286256ede041654cb8a7c069d773868f8bddea44fccdcfc4c0cfec6f9357093024d88519a40bdb3b77b0988051418fcba0a67c5caabc66f21d094e5d612dd7f951291892a4f8ef35efdb2c9d940fcbddfdb75d19b1b215a36dec147c9d716bb4a06047e90d0d0fad64a56f24a6b650843d5cdd2aba7e8894b4693d775aebc8d65063d1813b0be5c9c6357c43be7aea9b3b6021935acc2b8f38746aeab5eaa06f447be0cfff20b38811e273023cd035f14ad3a7babee646909282cc3ef	Lightroom_Set-Up.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\Certificates\4C7C2E87F0BC79A039D39B05F899A1CC521FDE99\Blob = 0300000001000000140000004c7c2e87f0bc79a039d39b05f899a1cc521fde992000000001000000c3050000308205bf308203a7a00302010202046e271780300d06092a864886f70d01010d050030818e310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793124302206035504030c1b41646f626520496e7465726d6564696174652043412031302d3135301e170d3233303830373133343834335a170d3330303830353133343834315a308191310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793127302506035504030c1e41646f626520436f6e74656e742043657274696669636174652031302d3730820222300d06092a864886f70d01010105000382020f003082020a0282020100ad280d5cfb35f4129a580996209e83cd117cab917f7f8b85e353c39899fa07bc7050077db622fe4b43c477c0abb8325a1ee90f76416e2af5cb76ed9ccec153694c6add14358e1c5c45d32db721654781ba134e981ae3b21d56fe739afd397db8101fa65554ad67d9b808d45487d9913bd7cf30e094a948546da75f51395ab7b0f122244976683d87ce6797aaea3d5ee468553fc658b2b9530e33e2aa418950458d4147270f8773e3d93da7df6a1e8f58e439218236d110a658bf5037260d3f596e1f06b9e963f758eca3f99faa454640628e3bc66c16e914aad9bea5a47f954ca0ff73cf4237e8545e5e82f66795493508a6852f4564ef44dbb31b23c27d6dcc54e749094bb404073ed05ab6bf54afadec8ea7b58ce2d935c4b0ec8a054bef86cebfd63faab8fae41104e8bdaf1f3f2474d78e050c8f33510c80abba83c0da198107e47b40cd119b71827a510ae65e9b97d5e617b397cf517cfecbc47a890bbc350c5b631a50f254151d4d84cd512e0f57241e10b1bd1569287a900d4bf4a23532556266bc1c8b1014972f126b20a2e2e7db73774eb822669fc2bcf56d817ee3f5d20f9b029ec62d377d5328000ce5d921c965337c500416a6c3e828ed27ad8ed370f8b9035c322ce75ed6de25002e363475f95e24ad6e30b9350eb2934a431bf09c8b4df073213fd6393192d796022b4275a73e5b4a2bf3b226d6a537e96c450203010001a320301e300e0603551d0f0101ff040403020780300c0603551d130101ff04023000300d06092a864886f70d01010d05000382020100315188a437cb6a526ab679d888ef1051ea301191b36ff818d3e7e1b8cbc8e1c078fc058e0d7bd61b11fd8efef27b411c3f494f6734c286008ffb39d2eecf012929913628c5b160f6ca24fab63068fc48cb91293fc302f3d16f5de8dbdfe3a57abca9a081c4cfa82fa3e06f36a318251a351c5e08fe4f4a286d1ebb4bf87278f7e54faf53e1b37148f19f210136c5f3b5981a89a3aaf8351490555d001aee6c9ab2bd27cc13d162ef6314c47fce2c668e16ed641d2b6871ef3b0afbc8e5e2b93d775049061496057a361c2cd1ed7cbdadd143a0f114e9d5066c6e2f2bfd771b44c8979cf0f094d2d89e104c935ef362eabcccda4559bb33e640b3c1920cf314688fdc639665e8e81f6b9312516d937a6db751fd39e044271432d0e83bfcb5e8df5cbe2a7c15e272e09aa96f939ac7b6655fcfe91e59474b3a4cecf12490cb1f3aa2a80ae53cbe867ccaeff9ca84d487bf438f4213b253148ff8be54caee1e4aa157353f707a966f946e89a8fc8964849eb948bd54b2b2e6d1dd85ba7df45208206472a5aa93860c5ee8f6460739ea3231ec590f09602ff29f09ecedbdbd635cb42670c8288b3f051dd6c393240d0a668b9a2c20bd70f182ce58d152089385ab717c7c624826ec39424050ad45048927d2e771be6f6693055589f3612df47c206d6ae8600f9d60f7aebc5567458d8a423b76d6082ab213fff88584909e76b458ab	Lightroom_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\Certificates\A5C8D928986EC17FCC7D5F2353885D1709B73A29	Lightroom_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore	Lightroom_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\Certificates	Lightroom_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\CRLs	Lightroom_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\CTLs	Lightroom_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\Certificates\4C7C2E87F0BC79A039D39B05F899A1CC521FDE99	Lightroom_Set-Up.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\SystemCertificates\AdobeCertStore\Certificates\A5C8D928986EC17FCC7D5F2353885D1709B73A29\Blob = 030000000100000014000000a5c8d928986ec17fcc7d5f2353885d1709b73a292000000001000000bc050000308205b8308203a0a00302010202047ce3bf47300d06092a864886f70d01010d0500308185310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f6779311b301906035504030c1241646f626520526f6f742043412031302d333020170d3138303831373137333831355a180f32303638303830343137333831355a30818e310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793124302206035504030c1b41646f626520496e7465726d6564696174652043412031302d313530820222300d06092a864886f70d01010105000382020f003082020a0282020100a0e7345276469020a420dfb0569684d7adf0f493a0a0a53742c25e1bf39a91a481ae07efcf40586a5b42a776dad12710078884bfcb2c3af2bdd70b4301490e58de99cb28b1dc5befd617dadfc34c653d9ef643ff6fd9069cb2ad740ebf1abc42c9fabb8a65cd0d76e9b0b64c77ec0e9350da1ba5f3aabbad9e076e2aebb3af34809dd50bb29cb26577536791a0c672c843fd11a60ce5aa99e0ac5ff81819ab8d4306e790040b6d9d4eb9e37b88d9bdfd8271ee8ba557aff9ec66da32c1f483cc84e0e9af352f5fd083e0933047a13529568e22491266b576b50af641676031593285135758d3f86467159b00ff3662b885dc7a331a1b658c42ae8e76101a67abf22002b4ccf330b966d05f63a91870ef56916ff131a0b8737e111413bc3620c593d5c1452012ec77d77b99240ab972c2fd0d20474bb9c63f1053cfded7de55d57e2d735ac280e1faa8f8af095fb29d5b03b7e45ff8c6d1a7c052e0854418d27c9adb3e40032000e988fd8f6f556bd956e85eed4e7c4d1916c4fc090c27e6b1a3bdaadf8eda48c81b212feee1f1b97ebe4b2ed98b49662c101efdb212720d73a7a432af6d816c7997a5485dae77209f060718e50c524d089750a51bfab47e04fccbf04017762c3597fa5b52b2394b7159053034065e17c184c25736ac793c6e2b25e04d59dc1fe74f9e338c719573d6d6b4b29ea7adbc259e5d4fb4d0fa89a92b0203010001a3233021300e0603551d0f0101ff040403020204300f0603551d130101ff040530030101ff300d06092a864886f70d01010d05000382020100501c3b74f2e4857d8171cffe355895c8241c0590b0f5a81321aad9b328916dc68479ed41c47396336cae923db8c14276504c81f99ee5d961fae32ea75fa707717fe6d3a0cdea05bd40c1d69f21a619b09209f09be929c02125020d7eb9e94670ef57bc02080be6718832fd9f5e7fbfd1bd75c278665582452f66a282d7bcb7936bc336ff64ab06a4a5f12f4a4592dd13ac944fc5a2dd8b084fa429d2eecc10fd7e9a5be17b8c235a12c3e48e0df101837bcd4563cac3e02d7b93e172847881db7ed7e3c01e5e426fe51ee67262154daba09ea358bd10e8d10a9028e6dded33fa8c0b5e5e88d751a73bc68cbd30ebed017024affcc1a3942010531a398ea8120158d78c214e813d6023ec021e80967de3131284f80d0650b1a068d7c5e2bf7f8e019c70db26ee5f0d1719240c7a06c66344d95749b73aff74d6471d97297a248370f30b76d15d576e24fc4f2ac5960eb03d44d9fd145415eb99960802ff81c17439d9594187ffeb98e6e6f1ec11b44fb24eaadfcc1e9107e03eafb42bc717d3a0db4a73c66f0a22c7924a400b02742ea8609051927fac69131dba15df08d152e226764f30438bdb422a895c7d0e60b1da26370806914e4cc1dac1777385d470c81292d597def9c7bbdbca6ed5d8a36cbd97c159590fd075b93c32a22e2405fad8c239b66cdc016e3ffe13c191065ecfefcabdaac7164846611cf24ac9506e7af7	Lightroom_Set-Up.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

msedgewebview2.exemsedgewebview2.exeLightroom_Set-Up.exemsedgewebview2.exemsedgewebview2.exe

pid	process
2136	msedgewebview2.exe
2136	msedgewebview2.exe
4156	msedgewebview2.exe
4156	msedgewebview2.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe
3792	msedgewebview2.exe
3792	msedgewebview2.exe
2852	msedgewebview2.exe
2852	msedgewebview2.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe
2652	Lightroom_Set-Up.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedgewebview2.exemsedgewebview2.exe

pid process

2020 msedgewebview2.exe
1588 msedgewebview2.exe

pid	process
2020	msedgewebview2.exe
1588	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

Lightroom_Set-Up.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2652	Lightroom_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2652	Lightroom_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2652	Lightroom_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2652	Lightroom_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2652	Lightroom_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2652	Lightroom_Set-Up.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msedgewebview2.exemsedgewebview2.exe

pid process

1588 msedgewebview2.exe
2020 msedgewebview2.exe

pid	process
1588	msedgewebview2.exe
2020	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Lightroom_Set-Up.exemsedgewebview2.exemsedgewebview2.exe

description	pid	process	target process
PID 2652 wrote to memory of 1588	2652	Lightroom_Set-Up.exe	msedgewebview2.exe
PID 2652 wrote to memory of 1588	2652	Lightroom_Set-Up.exe	msedgewebview2.exe
PID 2652 wrote to memory of 2020	2652	Lightroom_Set-Up.exe	msedgewebview2.exe
PID 2652 wrote to memory of 2020	2652	Lightroom_Set-Up.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1764	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1764	1588	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 5092	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 5092	2020	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 1588 wrote to memory of 1100	1588	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe
PID 2020 wrote to memory of 1068	2020	msedgewebview2.exe	msedgewebview2.exe

C:\Users\Admin\AppData\Local\Temp\Lightroom_Set-Up.exe
"C:\Users\Admin\AppData\Local\Temp\Lightroom_Set-Up.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2652

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2652.836.9336157659633605494
2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1588

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ffb8a393cb8,0x7ffb8a393cc8,0x7ffb8a393cd8
3⤵
PID:1764

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1908,10952137139074300333,29032610507610655,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
3⤵
PID:1100

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,10952137139074300333,29032610507610655,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2228 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2136

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,10952137139074300333,29032610507610655,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2556 /prefetch:8
3⤵
PID:2728

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1908,10952137139074300333,29032610507610655,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
3⤵
PID:3980

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,10952137139074300333,29032610507610655,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4760 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3792

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1908,10952137139074300333,29032610507610655,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4116 /prefetch:8
3⤵
PID:5028

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2652.836.1993667476860670255
2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2020

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe4,0x1b4,0x7ffb8a393cb8,0x7ffb8a393cc8,0x7ffb8a393cd8
3⤵
PID:5092

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1868,13764104759386097709,13000790299125244992,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
3⤵
PID:1068

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,13764104759386097709,13000790299125244992,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2212 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4156

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,13764104759386097709,13000790299125244992,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2480 /prefetch:8
3⤵
PID:2768

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1868,13764104759386097709,13000790299125244992,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
3⤵
PID:808

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,13764104759386097709,13000790299125244992,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4616 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2852

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1868,13764104759386097709,13000790299125244992,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView" --webview-exe-name=Lightroom_Set-Up.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4724 /prefetch:8
3⤵
PID:1028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1976

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
Filesize
471B

MD5
ba25b25faf256829d339af7900e404d5

SHA1
1389956a8d13cc3d49f5b0309a25a7132a8a3c9d

SHA256
71cd327b45891d3b650fa8248b5f722cec8fe4cccb4a876f91374feeebe38422

SHA512
693248c89489f0f4e59ae321431eada5d291835f6caa4f8229809800087dc8ea92d1f5d3e3c336d71c2763f836aad577575aed13a8c91e99f22d4d6fdd52f2ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize
471B

MD5
b43ad38df856585a0e4735f45bb1c569

SHA1
616bbde757f231995457dc16d8bf1ebd69239391

SHA256
753339b5189e2e49337b676875ace1b8cecce4620fbd4750e9a93d52d4f13e44

SHA512
f969c27fdace2aaf6c99f5e59ff91c76b8a0b191b006d9cb5cde8a3118dac41242364a17d2a90ef96725855bcff7d166457770585ab7040953ddf809259c5ad4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
Filesize
412B

MD5
7e211a4412cdcbdca53857fa7e996ff8

SHA1
ba0ffa309a5020b62fa0a576aa24b5d6460862aa

SHA256
ef5c8075a2200ff52f21b3f1bbd40cec40ed74fc51c2907a46af65b7ead061ab

SHA512
998191f194355ff8eff976f3d4d06b2245596040ee8c800a8785989eab58c0a1f3fc084f114a8b84aec3a2165dc2a89cec1d909b293d1b12a060369730295c98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize
412B

MD5
0501d6f2b1375c2e7b1deeec57ec31da

SHA1
5fe2c66482a3d89cc1a0336a0348393703c939b1

SHA256
56c0fca86c26bc1a763aba91c61fbf85ff190582e652437e250d6373b82e904f

SHA512
ba27673e76be4cd09aa5f87870d4e5159b5a32bde3bd7d9dbfa8b734267ba4528fd4b0421b1c3769c0ff8aebbde476e449d94f735d21f9ebdf1f28770d42e483

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
2fa95179f44155c89728e74af7e7eb79

SHA1
192445f003bd52d51f5667b3930777d973ffed22

SHA256
a350e6d51d414f378d1285eb0f265329df99c47a95e05489b89c53689b0e0c34

SHA512
e5c76191b8e4336439a7d0572a1a4f320f23b8b7d9de06cf5fa560bbffcad52e902baddaafbb8a36b9d9525a76e1cfa8172ce6de36a3c51bae9f469c55f7ceca

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
0b54384a06185b33201193d99b767a70

SHA1
d11b5724a07c9beb88c51228a0afe6aad1bdf3eb

SHA256
bc3944a3e527790fd5b986af7ff97dcf147207d3c0bcc2840f5f8c0137b7885d

SHA512
b063797dd3b42e959ea65a484ff0fac7b19bd2d31a5c6c5b9c28fa33bde2d25d9f79e81a570fe61abba4c04aafac1d1859c6c73aeacc3ac66e0500cb63c45d35

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
cd52027365fea89a86f370c3c3d36c24

SHA1
a1fc7a972c5b7310110029fc4cbb06c2910d2f55

SHA256
84d987c85f9834a8aa41122c8e39ded1ec008af05b48e42129b2814a941d3faf

SHA512
312b9c83ca9d2051917ead775822ae2224909bc78d83241cff37a80ad600ede82855e8abc9bfc54b9f00470b22bf4982c1eaed753a6d5d1090579790b35a5d2d

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Default\Network Persistent State
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Default\Network Persistent State
Filesize
383B

MD5
e08dd87483855ae8d1a625053bcdfa0c

SHA1
208b101613131d512181843a5872352ffafb6f67

SHA256
04da666603e92b95f1802087aac4b55b878d67cf30ae34a07967d1aef7537f17

SHA512
4b23dd2e2db63c046e31026de8c3dfef35024167470e72d3f3a2a20b7c336b0d7550404dd3fee0cde6df745634e4b38201caae179a723e45e04988c5b9effb5e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Default\Preferences
Filesize
3KB

MD5
3d4548815b60cabfe1bc7d8db491a016

SHA1
bf93e3f66527806806300dd77bb127e7f4f3a36d

SHA256
2424ea3c14a5dcfe20fc28fb4786d81f393c11c2f58efd7e12696414e10e1cda

SHA512
8df4274a5b2019408cbd2a8942e89560f55c3bf00f2a34065f683719d390f8e55485b8126a5d9565b6d31858264e7f25297637b737bab81618905f43c464c27d

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Default\Preferences~RFe586a3e.TMP
Filesize
3KB

MD5
fbf39829c305ae0eaa4bb5078f32fc70

SHA1
8c0a21f0a0e6eee385a8e28eb2e6c144eb29d87b

SHA256
8a6ae823b6eaa19d9063334a04956ddd00546cf3222b835252fb8773db031861

SHA512
e5c21f13ecf3007e1b34998b48236984aad6217bd7b672d1510d37d9e5f6f419d41a5609bfcca84dfaef7f30c5c622a4d593a705bbfb20450b8fbd107a182efd

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Local State
Filesize
8KB

MD5
a6cae6b88461dda32f32c41d7611c3b5

SHA1
e58f6a50fa637bab1947eaa56480325401ee5e45

SHA256
25652de4a5d284baee2957cdd2ba62e57828811319f09bf77e8ff3f3918bc016

SHA512
da047afecdd3c14fa307632156026320503a1b7e40c72681a7add5af7c6f4650a843388a87f8d3cafa4b184a565d1dab49a69da1dfc91b42038167987fb6545c

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\Lightroom_Set-Up.exe\EBWebView\Local State~RFe57a45e.TMP
Filesize
8KB

MD5
462f8e1e297ddba067cd4c57a0aa0500

SHA1
42ca82658a7b8cb8e8c219e7108b1b4672bd3f9b

SHA256
7ec1ec53128ee6f2485d2253ce40c63ed4f03ab2fd1e8d4a6c62e4c2baf9db1e

SHA512
1f8e48a942ae21f0df735217b6e7aa970fe79d3aca8a36b142d086f942623e6ca6f5f522381f649eb9391725ed3083b55ea6b104b3a44199542975f01eb534a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.ses
Filesize
53B

MD5
b5f8b4c830860b6d5e87118f33af7fc0

SHA1
0040fcef51e46c40c4785440c6c59178f1b06363

SHA256
ad16500a43f5f76b671e7892757abb15d1c625a961a13af1b1240719cc345585

SHA512
982d1dd77a7ae9d15555fc099622b91b793d84322ba960f047b301aad5c9ebaa6618a34ad4bc6adb2209f37f609f7184c142d6ef6fcef1d4bd1d01185be6cf59

Download Submit
C:\Users\Admin\AppData\Local\Temp\.ses
Filesize
53B

MD5
b68116e8a0edf40d8f5a463da74fa495

SHA1
73dbb74d059fcdfc3a42275def4804b3eadd36fa

SHA256
5341d2ed81bda1518e40c2de8fb6f0e760b4405db34bbe8688665abc9efa04e4

SHA512
c938fdb8942e79fecb564228a26a343093b59a731a3bbd6c3c9f38449d60d60e38b3d67dd225e092f773246139d395cefd93c50d0ac26af1a15c29c53188ec47

Download Submit
C:\Users\Admin\AppData\Local\Temp\.ses
Filesize
53B

MD5
836c65a4c004b29223fa0b399e635c01

SHA1
1f016196556f67538862a25d132b68370cf49f45

SHA256
f2dd546623e5412c5b05f170c80e7e8fa6b62ac243fa9504a0bab04faab37fe9

SHA512
45fdcce4becf60e2940c6137395df2c567945d56762a5ee75c1cb27abe6acb96a8803284c70171b68e0586217e002c8b693e0e94c8d2f83db7f781e63904ceac

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\CCDInstaller.js
Filesize
1.2MB

MD5
fb970bc9889933229160723a60571dde

SHA1
b1b68348b77101b31bea510311c6e85451f833fc

SHA256
39e34fc3dfd74d25631ea2fecaca70a5d767b5f3f40f24380237dc06a80252e2

SHA512
65c4b44e42c7d94a89be9b18ef7589f16f247f47f459da2e8b59b4ffbbba25cbb07971f8484e9bc25bd8c6f953a291ab9384a154aab9ad1572375b3b30c31886

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
a6094868eb6b70519344c598532c07d8

SHA1
47f1a53b746ea793f525ffcd8c3d7f405cee18fe

SHA256
a29d9b689a11b6646585a76ab5b2419ece7cfcad300f39a77b38fcafbbcaa943

SHA512
dc68ea5d96b680a85958a5e1f4d9af80c5f753d24702e79862375f25eefbf29534d6903cfe9bcdede95919ace1350c8e99181892cb8832b58731d83ce7853d7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
89c0e09e4867980b59e8c61b252db813

SHA1
05ab095b2adcd8731645a13c8d8a39362a2a6d2a

SHA256
57c5f07426b64e605649a83db034c93a3ab07a9f9b6234a4361742353dc512fa

SHA512
b18db23d9368d63c01062cb681cc8da04956a50343e117b4c350f48099a191337c9d1b8f5232ae247a8b8e4fd19ad0170cbe5d5093f72347c014aa849dd31913

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\Code Cache\js\index-dir\temp-index
Filesize
48B

MD5
d0bc6763238b7ad225a702eeec97ae7e

SHA1
cb7524d775bbdfcb11fba49ed8bd81cb58f45ea3

SHA256
0e05039f9792e47d885b7c8fbe7aecd05e444dfdb8e174584ad31d4988b44bc7

SHA512
1008f8736f82f98acc78e39af5d1f388bf1eaae9d8d77da3f25c7683d5b704095007a6dbc8d1841d78fd47b8effdce0c35b6f64eb68a499afa886bc0d200cae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
ffe9e3907682abcd92d01652729bb6a7

SHA1
dde2cece58f077747601251b85fddf981c12e07f

SHA256
ff5b3f7ffb865d89f5b2a5eaacabc8ec3c7fbaf07adbd0b7d71dc2e6a5daf921

SHA512
bf1e969f69d4aa3166397ff82b412bbdcef4c82e21175135e268a6307a9454e50ff65d0670576f871669d29e5c1e7a3b8b73909cb02d771356fdfe2d99b3373a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\GPUCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\Network Persistent State
Filesize
1002B

MD5
b8cffea90ab429381247c088c9f9d686

SHA1
03d257280dace63be032929f142066efbb0db30c

SHA256
679a588c2bba8bed37e81ab2e1a6eda712a63249f777807964f9a3fcb654ee39

SHA512
7738abc76c9c6297c6878a17c89367d00983cb11dd7384d25db4f4efa6f56ccc0437e7142fb623bf017f4fd73494fb72f88dd974681993319e207a0acd041ab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\Preferences
Filesize
3KB

MD5
2dd5afc6497298578fffd3922099d0ed

SHA1
6b823af5db807905a85325140a368c183fff1d76

SHA256
9ba78104a4f8b82b20acb890d35af54bacd2e5fc933d5c636a71b41692b1f545

SHA512
90f5a0835b1b8db324154f63cb780ff5b8505f52196a3e5d97dbe018378c0593479d6a4293ff2954db7c258be14f81e49e811ef2755b5b43cad4e81d8f0cdd2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\Preferences~RFe586a2f.TMP
Filesize
3KB

MD5
d2d264ef4c55d4dabbcd62545d9a0d56

SHA1
43205c41f699e10814fa9e0100c1b2faa33d38f1

SHA256
f4cb91c2dd0e06f384e3b68a44df354057cc8f26aff68a5b22fcfe5b8b1dcbd6

SHA512
1845ccffbed375eac8776033cb24241dbf37a54888f0ab6ed46e0e53d0735b8d8a12ab4669d0084851aebd06b76e5ceb04dd24c137fe3b8970afcb777ae9112a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\Sync Data\LevelDB\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\EBWebView\Local State~RFe57a47d.TMP
Filesize
8KB

MD5
4d5d3bc7b4dff40b1b86e09649ddf0a5

SHA1
b36e9e471945a858ad60f9042b6c75706c54bef5

SHA256
781c0c50049dcf85290334004b7bab337d4ca390ca7c074a29df2c1f795dbba3

SHA512
1b891d8fcc6a1485908bf821721c25ace3b0a331576069004b176d4d66cd8f30cc2d18db9479a5397b0af32411c0069d980a8102ae183aa53222f4d9f7083c11

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\index.css
Filesize
917KB

MD5
12db9598ecdd44d5f2fcf9c2eed93619

SHA1
8afe7f33f182c191657a52fab99805524f3c53b4

SHA256
22db89651ea56cd8fd6d2920c0bf7b02459989b60272522d4464cb43edd2f34f

SHA512
ae14e691c55a85e0897f8d16005f55d3eaa2e29649f6cecef54d1b78f577cff68a558a60141cb2f8e951c6cca90072232ea12e6f1776ab4c67c70f0f4a778ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B437D453-07D0-47F5-A3A8-7F4DF935BB66}\index.html
Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
\??\pipe\LOCAL\crashpad_1588_QFOIVHHTAFYVBXQC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1100-51-0x00007FFBA90D0000-0x00007FFBA90D1000-memory.dmp

Filesize
4KB

Download
memory/2652-341-0x0000000000BA0000-0x0000000001565000-memory.dmp

Filesize
9.8MB

Download
memory/2652-0-0x0000000000BA0000-0x0000000001565000-memory.dmp

Filesize
9.8MB

Download
memory/2652-259-0x0000000000BA0000-0x0000000001565000-memory.dmp

Filesize
9.8MB

Download