lumma | hxxps://www[.]mediafire[.]com/folder/6fk3a4tjt8jgn/MM2+DUPE

Analysis

max time kernel
128s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/6fk3a4tjt8jgn/MM2+DUPE

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 2 IoCs

Processes:

MM2DUPE.exeMM2DUPE.exe

pid process

7832 MM2DUPE.exe
4424 MM2DUPE.exe
Loads dropped DLL 2 IoCs

Processes:

MM2DUPE.exeMM2DUPE.exe

pid process

7832 MM2DUPE.exe
4424 MM2DUPE.exe

pid	process
7832	MM2DUPE.exe
4424	MM2DUPE.exe

pid	process
7832	MM2DUPE.exe
4424	MM2DUPE.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

MM2DUPE.exeMM2DUPE.exe

description	pid	process	target process
PID 7832 set thread context of 8176	7832	MM2DUPE.exe	aspnet_regiis.exe
PID 4424 set thread context of 1980	4424	MM2DUPE.exe	aspnet_regiis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1780	msedge.exe
1780	msedge.exe
4460	msedge.exe
4460	msedge.exe
6088	identity_helper.exe
6088	identity_helper.exe
7852	msedge.exe
7852	msedge.exe
7352	msedge.exe
7352	msedge.exe
7352	msedge.exe
7352	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

7588 OpenWith.exe

pid	process
7588	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

Processes:

msedge.exe

pid	process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zG.exe

description	pid	process
Token: SeRestorePrivilege	7364	7zG.exe
Token: 35	7364	7zG.exe
Token: SeSecurityPrivilege	7364	7zG.exe
Token: SeSecurityPrivilege	7364	7zG.exe

Suspicious use of FindShellTrayWindow 44 IoCs

Processes:

msedge.exe7zG.exe

pid	process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
7364	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

7588 OpenWith.exe

pid	process
7588	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4460 wrote to memory of 1500	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 1500	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 3668	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 1780	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 1780	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe
PID 4460 wrote to memory of 640	4460	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/6fk3a4tjt8jgn/MM2+DUPE
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd412c46f8,0x7ffd412c4708,0x7ffd412c4718
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:6736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:6920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:6992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9560 /prefetch:8
  2⤵
  PID:6636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9596 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
  2⤵
  PID:7100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1
  2⤵
  PID:7192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9600 /prefetch:1
  2⤵
  PID:7312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10392 /prefetch:1
  2⤵
  PID:7392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1
  2⤵
  PID:7472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10552 /prefetch:1
  2⤵
  PID:7624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10764 /prefetch:1
  2⤵
  PID:7696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10792 /prefetch:1
  2⤵
  PID:7704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,11593016581308824281,16125686439059618854,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3496

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7588

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6724

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MM2 DUPE\" -ad -an -ai#7zMap4294:76:7zEvent7485
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:7364

C:\Users\Admin\Downloads\MM2 DUPE\MM2 DUPE\MM2DUPE.exe
"C:\Users\Admin\Downloads\MM2 DUPE\MM2 DUPE\MM2DUPE.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:7832
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  PID:8176

C:\Users\Admin\Downloads\MM2 DUPE\MM2 DUPE\MM2DUPE.exe
"C:\Users\Admin\Downloads\MM2 DUPE\MM2 DUPE\MM2DUPE.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:4424
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MM2DUPE.exe.log

Filesize
226B

MD5
916851e072fbabc4796d8916c5131092

SHA1
d48a602229a690c512d5fdaf4c8d77547a88e7a2

SHA256
7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

SHA512
07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
8dc2756f85fccea2e456061d06bdea5e

SHA1
cdb7f846722ae88cfcca334697b1c61e7945d8ea

SHA256
ff17f0a5c2b621ce0625cfd2d947bf0eabf322c95a8e75a27f42d0722329ae9e

SHA512
585b17e9f72a35299cf49d23567dd29d1fbc70caef0c8374f20ed43c16bcfbbe0cb95107a88e3666b88c1d09263e2180771effeb9fdfdd8423cc08840dcf0d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e05b5c09c3a11cf8b62a3fd594062c1f

SHA1
7b785a5251b3739c01b5681638d738e246ef1d61

SHA256
86fe6623707cb071cf8c3816b8f3ca78d35a5c96bd645be8edcb141f548e8c34

SHA512
a90a58a197a3354f80d01ac36d412470731d42d1c3f389292d3c7d9cf5a6eb784af509f7e36f45e81af1a42d14ee39794277829e6b59d9c868a8e898e36a45e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a01b7ebff7c3dfd5947087065198a9f7

SHA1
6fa191061814a277257f65b6f15335a1460e1b4f

SHA256
1439c770f13e4cff3062e859837bdaae66cbd5d247f5e365014be86f731cfe36

SHA512
ad037c65144e21704321cf6f0f4e5099ce0c9b16fff631f5994be418ca4019922d7adc106dd3f8c4130c4519e5e1bd8ec12dacb91886738bc710a909a5ad2d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
b4d133f79c91706c331fb381d32676ac

SHA1
04afd565805cf80137edc389055fe95ba8023579

SHA256
4d39decc6732bd7db6a53dd23d3142631bdff0e954ed37ba54f4867d16396154

SHA512
f6a7ccfe36685e6f6c56344774b42906c563bafae05784a33f6c2adbbfe8e56bff8dd9f34b56cdbd89fa8048dfb9d6e87c7da2b53b7c4b2f7ee8b44b4c45006a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed690d02e9f7c522cb17ce88beec6e34

SHA1
995f860d242c7bab77f94e2463eb42de8d7fa355

SHA256
bec2c50c6b280a0513ebe0a3a880a7892a7e3a321c1b3d3537722b90b93161da

SHA512
324b1f1d58e76a47c2afc9e11f935115e1f9c8f44704fc2f4b16a3a4005c687a13301f620d03ce4c4b4cec452a3b6b0164533e31c753d0d1045619df864a18ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
5bb69979d84aaf7b99e818038ec2068c

SHA1
9878ebd9f51bd29b609ff61613c3d6fa5c7e6b03

SHA256
7f0e3d8bbe4542a261a4f768791119b21c09bb5e278848d6a30b10085524b824

SHA512
4036e714743fcb89994df1ed57c0a3daeb72a12d78d0d8085d3e5f4654346c5e3dbf47741786319977acd3fe6161452974c5884529727c691f58bbcfa10a638b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0f0211fc6aaf7dcb7d0bf05f40a97f23

SHA1
3742191ceb91b0a0f9235d6d7466fc7aaacca706

SHA256
4138a112a0ae75251de78f750a522296aaf10d3bf571c3ce6a01fce70ab167f2

SHA512
565fda24e2d29368721e918d5f7b443ae198cb313e477eda9551a961f0e15dabb838d0c88e5f7cb47d756ef241fc1f6cfca242494453fb06a28205ba0682113f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c018ed730cf89137ae2f479809167d51

SHA1
c9f3e8de5406ac04bc254a021c3794d453f7ed0f

SHA256
4a8c6ed406a38684ba4c693039af9816e628ee35d69a50b9575c5c270c62c475

SHA512
4be7be05fdeb52ea5284b7487e8d11ae19cc4403a72b312c18d606c6658bfca79bd69683b5fc5cedfe4d1f031f70352dd2f1da91c2026f5c6c8af4e796c21d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
bbd4b5e681e2524834aa56b74590bae5

SHA1
54e00349731e9eaaa90ca79cecc138ff0135120b

SHA256
8eb9ad5cb1e478e1ddcdb7f023cf6b7aaf7174dde417a73fdb7e0035ccb966d5

SHA512
d53afca55166790aeb005d323afee69b1807c81893bfe68f19ea833123968ef9cff163225002af01a5dd9c4445cb34ce3b87dc022f219fdb93fa350d2a41e1ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3119866287fdd95da0c34239dd87e236

SHA1
d2cd7a048d54c3dfcee115093cde3ec880d83d19

SHA256
1c799e5fd4297bf44ad0719434646c94ad8f4176bbddff3f888ed944758e1fe8

SHA512
b09a43a9de214ea58288e1244e6febfcffa7df96539f5652e09a74a14519b2f7432b41859b26f6d2f24b60f6833fe2fb02547ed2f5e68e20200e5679da0d4cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0bc14d52d473fcba8fcf61a1321a4bfd

SHA1
f5160b59229b68ede925ec574e80f8f8704274a5

SHA256
8cdbf2dc93be4ce9d710f061aeeaba7b31f52f8277e5310afb5342311de2efe3

SHA512
de3e87cf2f6423fb76bb1121913042b9017d5482d4778b3fc4a28e43d69ac0b4a906290a68fc26be497533acccd2340e9160e146f1b93f42b5459180befad2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
86aa62fe49e197fd67070a32e1937599

SHA1
5c8d6123f4d2c9e8ab4f72052598c682ea8cb6f8

SHA256
61ca7bf17fb78486c32afb7544c19dbe58e5e4373c0bf1fe924a32dc3b6c7f2d

SHA512
70ca7f8cb72c21f20b9ace99f2e31aa79de67d16a6a6ff521deb8e9489fd6520ba47859d7ddfb0713cb75119e07a2dcf69eec83abe6226937e7b1c91dd48ed2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
aa99e2a4198c08efb2173e7a15104a37

SHA1
0c3b3197e4b11c4e44250ef5dcc29d9b9f41b4fb

SHA256
f09d347c09321260602c328198c96984a146c58d33470a19ffe2da8a89ee8d65

SHA512
734116af66feba212332e2d0e8c615617f60782b796f33c0c577c4c1cc1475888cefdd3840649c6b301d2b57534bd25c75427232c376a675cf51e13f748a6044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4f7f64988fa52f0095f977ffa826ff55

SHA1
97d00bd1f51f12d4fc5af6b80256aeb3dfcab8f9

SHA256
59e393f349fae20c24d64635c310ccad699faeb81c8590a8ca3ff1795da9dece

SHA512
3e1d55c207ff9ddc63937fe3790ed9d966393378999cb3751d00e6f71b9ee7298c54531f95855e4e5c255cfb2f8e6db435fc97fdebb73f83eede4a55289621b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a095.TMP

Filesize
1KB

MD5
cb7644f555f7e4a0204901cbe3672eab

SHA1
ab3212b4535aa7b27840612e8d66ba2aab632afe

SHA256
3437e4797a96e945cb03201fd27ee6c95a5fa9f069c5063454b2aa3c508dfeee

SHA512
7d3eb2b7530259b6a88878791ae9c753a50f77d59c4d417eb0dfa287a864a91aa3958e4b902dc64ec51d57af1dfa47e806bafa0601139bfb65bb021d79228ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8787767a11be4a448a64a4faaf04c937

SHA1
b91b3ea5320b318b6469a6971f5a5f95363aed2c

SHA256
2dd7c354fa81fdd7f51dbf3a9c8ff05e668758751f306ec07f01868c8111ab2c

SHA512
d48dbc89d4f9bb0cdf8a8139c870694752f536ecdc30e07fa63e76c08ad3adb8c777d03d0283265d21fea9b693f4212538ad70cb793cc0c460db2c3fdb3e6c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a3990fcac027087e0505586b77971a27

SHA1
301349e6aa5873a35fb211d469b6d47b67b045f9

SHA256
a190992030ab54e6ae9d894d6e0c9653781da54b3218d86f0cbcd0ebed941999

SHA512
e8a1b12aa13146ae45ed01ec3a53b08868735d2522df4cdd4bed9abb56c803e12b070f47557889f73d37a873787bb859aded1f2291e54abf3a9a7e8c94eb56bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3aa74b6d9a39cdd8e6bf192e32102424

SHA1
a6fd2067ceeca7f5c86d47c856af5c6624e5ae71

SHA256
871f8a0a8b5800ae801e59db066619963a4a2b62ee2c38d488cef5130793f700

SHA512
656caee510c69d1eb7de66d14f4ddb2e3bb142546e027b3ad1fe1ba56883448c73fae7309d3cd31b0c1e0e9c9069bd88910529ac67ecb71acf653a4e1d842724

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
404KB

MD5
b45de1e0d3b187783bb36bcca4e7155c

SHA1
cb55659f43e4afbbf5580d393f1330adea18da70

SHA256
5b8b2cffc880b389656ce7f5ba445f29639feaccf5cfdde4117aa561fc94464f

SHA512
0478bf54e4e6f0c5d3b983863a303879f42b5846b51bc81bad4950802b47abfdb1cb67335bd7633c0196d31278a209e80948ba8d52e704ca79294c8f6dbe0d0f

Download Submit
C:\Users\Admin\Downloads\MM2 DUPE.7z

Filesize
2.2MB

MD5
922a4b5ce57f0611bb71bc01790533f8

SHA1
85114ae148085d067c6532e4c7255639193a00d6

SHA256
6eaf16eef8fd050beaf0d67269db3373be5d27ca858dba8127d823155bd4e8f6

SHA512
aab6eb4ebbb93180cf558e7cd219d100ffcad707e7499a8f5c7393c6d4df703c876a6c4ed0f792904b377b76b914679c8a71db019d9b1787b6a8287fa53b12a9

Download Submit
C:\Users\Admin\Downloads\MM2 DUPE\MM2 DUPE\MM2DUPE.exe

Filesize
2.4MB

MD5
876ca35eab997050a8038ec656c8cc6b

SHA1
f0c0f804d20c6fadc59525e662992e7de0ed3277

SHA256
661f09a169ef3a3b6a0dfd8885c4a34c8aad30a7d70beb13e168e5088703004e

SHA512
f62962658aa51b8a22801b63feca93c41b1fa54c369452bf9248f90b1e1e57dc25cb0b6f37790630b33a8d3a5cdc383f5eaa670c6db684e7b179d733d9563b87

Download Submit
\??\pipe\LOCAL\crashpad_4460_ODQIMYIVZJVZLJPU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1980-499-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/1980-500-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/4424-489-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/4424-498-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/7832-453-0x0000000075040000-0x00000000757F0000-memory.dmp

Filesize
7.7MB

Download
memory/7832-439-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/7832-437-0x0000000075040000-0x00000000757F0000-memory.dmp

Filesize
7.7MB

Download
memory/7832-438-0x0000000000030000-0x00000000003D4000-memory.dmp

Filesize
3.6MB

Download
memory/8176-454-0x0000000000610000-0x0000000000661000-memory.dmp

Filesize
324KB

Download
memory/8176-450-0x0000000000610000-0x0000000000661000-memory.dmp

Filesize
324KB

Download
memory/8176-445-0x0000000000610000-0x0000000000661000-memory.dmp

Filesize
324KB

Download