lumma | hxxps://www[.]tumblr[.]com/appsetupfiless

Analysis

max time kernel
259s
max time network
222s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.tumblr.com/appsetupfiless

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://routinecontoradwjsk.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 5 IoCs

Processes:

Setup.exeSetup.exeSetup.exeSetup.exeSetup.exe

pid process

5788 Setup.exe
1604 Setup.exe
5620 Setup.exe
1656 Setup.exe
4892 Setup.exe

Loads dropped DLL 20 IoCs

Processes:

Setup.exeSetup.exeRcClientBase.au3Setup.exeRcClientBase.au3RcClientBase.au3Setup.exeRcClientBase.au3Setup.exeRcClientBase.au3

pid	process
5788	Setup.exe
5788	Setup.exe
5788	Setup.exe
1604	Setup.exe
1604	Setup.exe
1604	Setup.exe
4980	RcClientBase.au3
5620	Setup.exe
5620	Setup.exe
5620	Setup.exe
5440	RcClientBase.au3
5524	RcClientBase.au3
1656	Setup.exe
1656	Setup.exe
1656	Setup.exe
5668	RcClientBase.au3
4892	Setup.exe
4892	Setup.exe
4892	Setup.exe
2112	RcClientBase.au3

Suspicious use of SetThreadContext 5 IoCs

Processes:

Setup.exeSetup.exeSetup.exeSetup.exeSetup.exe

description	pid	process	target process
PID 5788 set thread context of 5316	5788	Setup.exe	more.com
PID 1604 set thread context of 4904	1604	Setup.exe	more.com
PID 5620 set thread context of 5848	5620	Setup.exe	more.com
PID 1656 set thread context of 2360	1656	Setup.exe	more.com
PID 4892 set thread context of 4248	4892	Setup.exe	more.com

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

taskmgr.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings taskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exeSetup.exemore.comSetup.exemore.comSetup.exemore.comSetup.exemore.comSetup.exemore.comtaskmgr.exe

pid	process
4644	msedge.exe
4644	msedge.exe
532	msedge.exe
532	msedge.exe
2268	identity_helper.exe
2268	identity_helper.exe
5488	msedge.exe
5488	msedge.exe
5788	Setup.exe
5788	Setup.exe
5788	Setup.exe
5316	more.com
5316	more.com
5316	more.com
5316	more.com
1604	Setup.exe
1604	Setup.exe
1604	Setup.exe
4904	more.com
4904	more.com
5620	Setup.exe
5620	Setup.exe
5848	more.com
5848	more.com
1656	Setup.exe
1656	Setup.exe
2360	more.com
2360	more.com
4892	Setup.exe
4892	Setup.exe
4248	more.com
4248	more.com
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe

Suspicious behavior: MapViewOfSection 10 IoCs

Processes:

Setup.exemore.comSetup.exemore.comSetup.exemore.comSetup.exemore.comSetup.exemore.com

pid process

5788 Setup.exe
5316 more.com
1604 Setup.exe
4904 more.com
5620 Setup.exe
5848 more.com
1656 Setup.exe
2360 more.com
4892 Setup.exe
4248 more.com
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

7zG.exe7zG.exetaskmgr.exe

description	pid	process
Token: SeRestorePrivilege	6124	7zG.exe
Token: 35	6124	7zG.exe
Token: SeSecurityPrivilege	6124	7zG.exe
Token: SeRestorePrivilege	5636	7zG.exe
Token: 35	5636	7zG.exe
Token: SeSecurityPrivilege	5636	7zG.exe
Token: SeSecurityPrivilege	5636	7zG.exe
Token: SeDebugPrivilege	5880	taskmgr.exe
Token: SeSystemProfilePrivilege	5880	taskmgr.exe
Token: SeCreateGlobalPrivilege	5880	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe
5880	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 532 wrote to memory of 2536	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2536	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4664	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4644	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4644	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 2364	532	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.tumblr.com/appsetupfiless
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaaabc46f8,0x7ffaaabc4708,0x7ffaaabc4718
2⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
2⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
2⤵
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
2⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5688 /prefetch:8
2⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
2⤵
PID:5900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
2⤵
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6128

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AppSetapFiless-win64_enus\" -ad -an -ai#7zMap21461:112:7zEvent21802
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6124

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap16091:112:7zEvent23395
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5636

C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:5788

C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:5316

C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
3⤵
- Loads dropped DLL
PID:4980

C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1604

C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4904

C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
3⤵
- Loads dropped DLL
PID:5440

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Setap-Filess\toughie.txt
1⤵
PID:5624

C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:5620

C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:5848

C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
3⤵
- Loads dropped DLL
PID:5524

C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1656

C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2360

C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
3⤵
- Loads dropped DLL
PID:5668

C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4892

C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4248

C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
3⤵
- Loads dropped DLL
PID:2112

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5880

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
0cb0c2366863355f52f636806b17289a

SHA1
522a271ae0160f78e0d2eda846b1e76e272c8ec8

SHA256
61f47ea1a55b934ec9cf2309d2fcf689b90694d7b8022da63c073f8f3494768d

SHA512
95ef96fd1fbe9dfb00c90a9bec477701462d3b4a663ceef0ccc566ec58078f89120df1ea3a20eb24ea87bcd957ca7f1276bd2a2eb4186ac60719740c3932b0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
9ec40d6e47244bd8035460255bbf5f7c

SHA1
706a8322968e6c018a1e3edee92fe6ed08aa42d1

SHA256
07c4d15bbf637a378037f1ba2b899b2b253c1fda52f0f8ef7afb3f19a3d7ea69

SHA512
5fe7c67f0078942737d549635481998c5d3a9050563c0efbb706c174c6094d620b4208e5bcf0786e7a535603e2428b145d62f001ba5bb7c99340e144edb9830d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e887aa2e096d98b515f040022f698b97

SHA1
ea676deca360a3924a63cbd1a4e4408f0822dc5b

SHA256
0bee10bdec3866d5f8a6225d66b4afca7995cd676e30f08b3052844c9afed0ca

SHA512
d41dac2c199ab55a8a3892957f8b444904fd20c3a1746305825a621e59128b42e9f67e416f05c676dd3dee70bd67b81236b8f60f3e9c4f9c95db97d53cb91f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
80c820288e01337fb5e6a70ff0e0c8ee

SHA1
714449f07044f99a27cdad085511da7e672a6da1

SHA256
d9a7aefa1e10d92f49071b1e05b3610e4127df9bccf94d35c5b81f33aac513dd

SHA512
294d9d9fd46d7c184844101d6b1214ff92a2aa768d966ce620a40453b2b1bc9f135639c5824b519f773b1f9317e3280fc9701eec1af044e20033264dd88e0efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
c4f586d98bde4e1ec56c46492fc31afc

SHA1
084292645ae0ffd7f78af13407b80d61643cf0d2

SHA256
6e38f28c0f558a2ce8fc2c446ee10e85476630c6eb2765c64b1aa3864136aa23

SHA512
abd17da8507ba16c48a514568318e0887e758ff77fd229be631f247b66c9fd7bafa1950cdf5119fc69f84830b966a2a982cf631cbc96952018ca312f5cf33e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
cc5acf03fb651de243535bcba2575771

SHA1
ee3537bccf8d15e010f5d036b63e9c378fc8072c

SHA256
36d73febbdb1b3054844ffc03a61c78f97f0ea6b0b77906ba57d14fcb18e4420

SHA512
4e0b2d3464213670025ee2b3171cdfd43703e0f7abf1ff5f9d7ad98f46ed826a666cc7e883dce51d59c80b6ee83aa6989aaefc8482d796773d350e69e41c8119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\1ff00abf-4453-4a70-964a-9599c57ca0db\index-dir\the-real-index
Filesize
5KB

MD5
50fd18866a1cba6eee8e5c90ba514735

SHA1
a9a69354cbf148fc186e7e695325447f7023f4eb

SHA256
9efc88eb53edb092d4d1ec2f3a17a0239330a486a76ff9149f85112d73ed2fe1

SHA512
689a4972efd4a838418cc46c4950f144f54df62a21c45a8a8d7f606bbd9f5a58267d515e3d2c3867f8ff0ef32007624b3f15f3e78c03b2495ef466f0ad401680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\1ff00abf-4453-4a70-964a-9599c57ca0db\index-dir\the-real-index~RFe579c7e.TMP
Filesize
48B

MD5
ec5433c9990cdf1e414bc7bec96cda27

SHA1
f6db1ea87e5e836336fc6696d0cca042f391af46

SHA256
2d57c6b4626f753cb7451ee8b89711dafcf3fb5ce40a273433ac5abd21226dd8

SHA512
4a1aee35da07abbea65982da3ebc5166b92e08a6380038020c82261c3fc5d01d3e8df02313f1dc023e4f68bc67bb2ed0f0cecb345bd46a31c0a91d2135452e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\index.txt
Filesize
123B

MD5
bf1e5f63a5bee00bc2009e527324fbc0

SHA1
3395b65bf26c35b5d49791e63ea4696dfb0f2c2d

SHA256
b7a587a3a177d46f0a16dfb58252918baa6cec2c81389b8da5394ca1f6ecfa1a

SHA512
22fbf0d6e94b826395d5a6bbf735b57f7a2a0038f9e4502203e875b1f9ab80ac16de817c43bcad64cb2c76c4000a099ed799dedb3e9ff63577b5c0d211d4746c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\index.txt
Filesize
119B

MD5
dcc0b47a6f01cd5f913ecf2769250359

SHA1
2139110f58faaff7e49098812f7673e1e08f986b

SHA256
ee4aaf27a61715292bcb44143bef6f2b30bd603806f252412b5a1e02f823f5bc

SHA512
fb9a770cb4916a19178543d12db8479b6152bcdc2acf37943a6cf837987cfc552a3edd104ed7ee0e105a8d286809cc16f347bb997a8153eb98297f8d62e608b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
30fac32ec056960e0803af76b4fc7bc8

SHA1
1c231bc1a43715152fcabd6f5d7c6c1f7d2db600

SHA256
a206398b1ff90ee19d770a7e5838d9f5fb607aea1b79e8e60b9711fbdf5d458a

SHA512
1341c41d5a0184ce4f227b356b997be6a7960811c09e2f2b77d840ad528515000a3dcf64e4856645fe1035ccfdb4d4cce93bd1a7858a396bc678ae721e0ee9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579589.TMP
Filesize
48B

MD5
006bf280f11692aa9cc94337c6bb83c4

SHA1
696d79c6366865b8519e333cf29c63c76281b8c1

SHA256
98b0ac6a6a0d1dce2d0b52cead1b7f85de74206b8616a2b1218527d18c9c31db

SHA512
65a62a3f1261f61caf50d3ca318f0d8feca7e2334a1eae09945bba9df7872a09de4fcc273ad37ddf7c6e2b170ccce4eb2e7861286c49480d67b89fa82cc69fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1821174bc4c886f485ecdc7f34c6f091

SHA1
bbc422dc496b1fe3f447843c3aa3619b12430a04

SHA256
26b1cc9ab9720e4dc4822328e01016fbda488b251f043b82b47e957532dcc944

SHA512
2658b88b67295cadca00a35800cbbd6fc857f471c2306646a21e7c6ff6c97966933a97f57bb497885bb1b93122609af412a8860412a0b7ddd071f95434f2c571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe577b4a.TMP
Filesize
1KB

MD5
feb53f42006cdc3cb4d559f6daca6993

SHA1
cde43572435a80a6555f70d799780c3fd03eb733

SHA256
9198209af34a3c0418634503ded6596d20023267f9db17de702a9d5a5b512bab

SHA512
d4cc38bd8f7ba027385d9c1ddaadda07c378ecd5b99174d1334370c296849db213178b478a63e945f43fbf88d6ccb9d82283233115e60510302cde42065cf364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
38240680ab59df19db54560a8dfe4228

SHA1
c5d21b4c84bd6cbef23b6c65f3ad256e0df9407a

SHA256
5ae28226da22c0a7a2dd8aba97243abf075e30a8338d7f9b420c91c8b5810515

SHA512
6d57390dd498a9466a581c4477150fee6b4e8e8ee3b9540b3171c34e363400340d35187cd432f52d77711aa4a4908285e20456a0d115aedd0e5f741bdc187a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f1600799d7440e5c07d6b913f0aeddc2

SHA1
b5ebec3252b18eafca9dfa290a0c68d02a54accf

SHA256
1cb108af1f97a830f295f64636e4c3e082c5620718f2f916c84102ce549e3c58

SHA512
836fb6a4cb7975df0de73d99353026ccb22960f37cc8a7aad860f82e2d6f5e1021b0fc4d0fdd3c925a0e48ca1bf59f6d43473f086d90e92fbc774298d7dac57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\5d7d1eb5
Filesize
1.8MB

MD5
49390c9725624f6bfe744e84797437ac

SHA1
98fbd0d0b813b3d31d10124eceb0d29f0f8f87d2

SHA256
78d49b6505aca405f4e9e095ca6254ce94e4f7eb25361dc0543fe1291f5c8f5a

SHA512
df4cc6e8dd4a52914eb761dbae75a4a3accccd30739466965ed97c7af9746259b93a3327ab57ac79f68fbcdf2ec7ca531443434e37241ab88f8a6502043f642c

Download Submit
C:\Users\Admin\AppData\Local\Temp\984c681b
Filesize
1.8MB

MD5
f0c3dd661b3c64143e3ff7442e63f26c

SHA1
e2c7212c0541962f1e087973ba90450aba7ba07a

SHA256
b40501c4ff9e89f406dd1b24d3aac3ae6115c642491fbdebda6d0d8769642c91

SHA512
7fc8e6fb0414a0790cb94b2f99c9bf699529bbe17aa9c7fe97927a4b938e669bed682069b58227287466a4225c6d28fcdf84c812a1c50734794afe9a276ab3bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
Filesize
872KB

MD5
c56b5f0201a3b3de53e561fe76912bfd

SHA1
2a4062e10a5de813f5688221dbeb3f3ff33eb417

SHA256
237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

SHA512
195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cde9e39d
Filesize
1.8MB

MD5
54c1853dbac870be8b5265e94a44474e

SHA1
a07ae0ef748ced71449ab6240ae5842821fe9131

SHA256
b800a6eeafd6d775deb1d497702738a533e661b6dac723af432853d3a080a543

SHA512
4b06cefb74c2bd5b18cfc2edeb1a5016f7298619557118d1659eb725d0f9a830b5467cef804d3e8416d94961cb3c98bea1369cec816a70146c2914b426c4e9fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ef461ff8
Filesize
1.8MB

MD5
fbfd1b776ed92186475f4d9e0fc1d608

SHA1
dafd8876acce5ea6a76a802db236741adb617cc0

SHA256
b77e187094dba6ffc85cbb1fa689e2183638709dcccd728b8f4c2ed2d12aa4ce

SHA512
512ddea7c45202c3864d24bbf0e714b2389f554bd253738b0c2c8548db84bb1c6fea3a05172c8b8fbd032c51894375a490ca5987a506da9844adb8e50350e4bb

Download Submit
C:\Users\Admin\Downloads\AppSetapFiless-win64_enus.rar
Filesize
16.9MB

MD5
b575972769490a1e3ca1fcee07537f13

SHA1
a60603fb405344f765d41db5e24c4fc07c21b0e7

SHA256
af0fb84a4ebbe2c4059d374e82f6a9c149d450de062c16e9e409422604a9c1e1

SHA512
55bb20e9b93e9ed8af57e22d183f277c1aa7b5e3b25cb53e2b3832e826afe942a4bdc8183c400cd02f245470eb5e8c554e5e4da8ec3b89f4ba82b74a714f2d0f

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
Filesize
938KB

MD5
b15bac961f62448c872e1dc6d3931016

SHA1
1dcb61babb08fe5db711e379cb67335357a5db82

SHA256
bf1a0c67b433f52ebd304553f022baa34bfbca258c932d2b4b8b956b1467bfa5

SHA512
932119f7dc6710239481c80ad8baaed5c14a2085fcc514b6522671b1a4ebbaf488e43453f11d5aaf6dcef7a245db8de44d93ff255f7cf8385b7d00f31f2cc370

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\WCLDll.dll
Filesize
590KB

MD5
47eee41b822d953c47434377006e01fe

SHA1
ad42e88bbcce1640aeda1397f82c826ba764d08e

SHA256
218106e2f5ee44e8ae3ecf62e5c2cb1c3db50e5825f4737c9d13bbd48114ed0b

SHA512
443328c44f0d4203c1d7ffc0cce0883c279db9a820e53c5ef4e4711fac451563b4f2ef114c21a4c947212def9f4218ef852ca0e9bfe8a8655668c757f591883f

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\garret.sql
Filesize
73KB

MD5
ccae01c00a7bba0bcffc9b1124b59dc5

SHA1
2cc8eaff7984a83da0dc81db7f0a97746dd58418

SHA256
c9d728b10c339685bea1c182c41dfefa105850d422f4f9d47d66ce058a0f9998

SHA512
910138e01bc14f4e8e7679e6997651e8ba4e946a16b9cbbae127a00d82d394cbc06becc7e390395c00913e2fe781a464d3cb45a98af71ccba0f45514b4bd6c1e

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\msvcp140.dll
Filesize
427KB

MD5
71a0aa2d05e9174cefd568347bd9c70f

SHA1
cb9247a0fa59e47f72df7d1752424b33a903bbb2

SHA256
fdb3d86c512adff90967cb860d02a4682850ab96727f0376e4d4836504c50e47

SHA512
6e65520528facaa4058720eb16d6bfdcc7bb36923b7e8e6551f3526709f0fabafab123999e618438e6abe7efed4a1332547cfc988f2b24b0e3d91198b95a911a

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\access\libfilesystem_plugin.dll
Filesize
59KB

MD5
8fac15d2a2da66abdf345afa45ac5e3b

SHA1
553d4c9f39726d8aadb15fed7c904048928049e0

SHA256
66ef741a9282b420b09b940fbdbf666cd1625a8da18daaece036fcc4e1a74d38

SHA512
f756e3b3368245d4670cf0f86a6727858e3ead983b3e10c11d9b13e67d86b632703f44df70e648bb8edcad295744c763a268f4eb02ace0055405c3e9af124548

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\access\libimem_plugin.dll
Filesize
30KB

MD5
b0770c82314e94afd0d793774d66290b

SHA1
79b280cda1ca944478ebad7778f642d415de523a

SHA256
a5c2f2030e2cb70837d35e434d9793cafa04132e1823430ebcfbd4d985899637

SHA512
21f4780a6da31c84fbc0fe117eef11cbd796d837b7fa38ec8c5e025c8b318f0b925775a7dec1e909ee14da77d800a01115758e803ddeb605e1da0ccbff047133

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\audio_output\libdirectsound_plugin.dll
Filesize
51KB

MD5
077990f957556e8a72a37f0ee09a2083

SHA1
371908e5515adb53a57f8d2bda47d59a7346fc1b

SHA256
412f9ec13da17b2f2269567b8397b587352070ce77a641ae40b7a243e26c57ef

SHA512
420d536532ccd474176e2ad2421e655708e0835faa1a60f9b2a70f8a54fdd8d787567c30f478639a367d913b5b34e4e0a81c1c38d95d14351affb25abc536770

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\audio_output\libwasapi_plugin.dll
Filesize
50KB

MD5
d217e0144d8d9237d284a38f9c3e6340

SHA1
fdf9f0edeecb0759fd8b502cd5314511e60f6347

SHA256
94eb16ffd5526836c715d0a1eedada03f0a1061920cbfd44fd4daee3dfabd1af

SHA512
22f7b1b05035011b95f3bf3f1ce4aeb43f8baaa8dde2f2d565dfbf83a9b0a00adaae9c941cd5a2ad4633444d9fe1410accb97a1dd16396afbe84679758738227

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\codec\libavcodec_plugin.dll
Filesize
15.0MB

MD5
fad5798d2177993c88072f28581750e9

SHA1
029bb1a51e948f649ed8af73bb54b99493b7e233

SHA256
ab10e941252965e338b8b9351902c8eec98c71fa23dd431769a732ca109b5f22

SHA512
def4e1de52122ed8826b46f00067bbd3420e2591bb854310aad05e2e4f01923dec5400ad242ce3e3a71ae344794688ebb084fa534ba50f946f2e6ad0d0649161

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\codec\libd3d11va_plugin.dll
Filesize
267KB

MD5
1137f05e3030ce4031dfa68731650f25

SHA1
c1e78b9ad6c834d71b0f42ca0f4932f37b7b1579

SHA256
c5cea8862585850e651cbcc5883c70ce7d54e1871b53905b210b55ed9bc1fab1

SHA512
7b03d88f75a30cea02c766741550fb781f7a9a9472145558989e90cb8294f58d7104c79f94f2775fdb90edd38580d189816e63e56aa7c5f022e85d8bcab20a2c

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\video_output\libdirect3d11_plugin.dll
Filesize
327KB

MD5
267237343345265fe20a9688bd840de2

SHA1
99fee276074a4671e2b5ccceeaf71ec951df45e5

SHA256
0732c8978869bcbf11fa63f8cfbb5d6c75dfd8d34d176cae2dac99a261bcf2dd

SHA512
e354a8c0ec8c32792b6c356dc519d41319684ea2d20d18b61e19eeb8133a049db93ac6845e9ca7978f2933be9bf37eb3f608b81277dc14e3d7d240b206392196

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\video_output\libdirect3d9_plugin.dll
Filesize
250KB

MD5
f910aee501d6fe100096dcdf9bd4b525

SHA1
c3aaf9ce5643695822cfa6935eefd4e39eaf3d14

SHA256
77a79184b2c81da3b98d501632fc8e5c8af6d078dd29414ae693906f51c343aa

SHA512
05fc6297fb44ef9e60cb975d941d98dd7bea9fbfea1e48723168725a887b1e1e8e00f97d8a5faf419039ee791c2f14404db61e65b40c767e17a1dcc2f6f84940

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\video_output\libdrawable_plugin.dll
Filesize
30KB

MD5
defb6d6c7bfbddafd3d48d47a69d47a8

SHA1
787c35fa991694f54834d007c13646a219ba43e4

SHA256
aa8cdd685be3ffecb848dd4264061536d562b784c473c3ad1abc1fc3527ac1f5

SHA512
2284fdaec89b819b695db72c493f59b11d60eeab24450c500b0972ee097eae0e51578c0a3044ed100c8ea29e389e46183400ab17140407eebb86a418e04b005f

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\plugins\video_output\libvmem_plugin.dll
Filesize
33KB

MD5
30afe05b0f7f8dbcb10fb9533b189754

SHA1
e92e194b6c0b9b3abdf16f2d6a80081e61f3af65

SHA256
2062d5c42d295e8f01cf0d1c8402460597f1e2b9ba9f86cdad22014364a92782

SHA512
1ac4386671dd47fc9826b718b345295ae2b1a35a1198f4a0d9c0003a3983940df118e440ae9b02e7ff1d821e38eedbdfe1650d6dd02ef39da4c08ace4b17d634

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\toughie.txt
Filesize
1.3MB

MD5
bc64e726ff9f079309711bbce16038b4

SHA1
ccdd42ce09d6a8b29a696f2c9924167bfbcc6f08

SHA256
5335f7aa5c4b96e7533990e22a81dc4d6e19262dc100074262dcf612d3d3c058

SHA512
92f7df5683c73475dd7fee405ef2c8f13482df75078e108a1337461e98c349b9c3e6efba1ce8a448cd54046368fa3f8bbd22c2ef9224b95d5f769c35788dfd68

Download Submit
C:\Users\Admin\Downloads\Setap-Filess\vcruntime140.dll
Filesize
81KB

MD5
16b26bc43943531d7d7e379632ed4e63

SHA1
565287de39649e59e653a3612478c2186096d70a

SHA256
346f72c9a7584c2ab6ce65cd38a616c77ebddc0bbab2274c4e89dd5e62237517

SHA512
b5b7b4b8c5ab4276a34956e43f586272b1803ec3609253fee1bcc0a549aed7ba11d47404b023f7b67af701726bab95cca55738e7bd5bca272eca5ac71bb418cc

Download Submit
\??\pipe\LOCAL\crashpad_532_DJQYCITWHCPUSYLT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1604-1343-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/1604-1348-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/1604-1331-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/1604-1332-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/1656-1397-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/1656-1411-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/1656-1410-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/1656-1398-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/2112-1458-0x0000000000150000-0x00000000001A0000-memory.dmp

Filesize
320KB

Download
memory/2112-1457-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/2112-1459-0x00000000001D0000-0x00000000002AF000-memory.dmp

Filesize
892KB

Download
memory/2112-1460-0x0000000000150000-0x00000000001A0000-memory.dmp

Filesize
320KB

Download
memory/2360-1415-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/4248-1441-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-1437-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/4892-1426-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/4892-1427-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-1433-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/4904-1352-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/4980-1356-0x00000000001D0000-0x00000000002AF000-memory.dmp

Filesize
892KB

Download
memory/4980-1357-0x00000000002B0000-0x0000000000300000-memory.dmp

Filesize
320KB

Download
memory/4980-1347-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/4980-1351-0x00000000002B0000-0x0000000000300000-memory.dmp

Filesize
320KB

Download
memory/5316-1345-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5316-1321-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/5316-1324-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5316-1319-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5316-1325-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5440-1387-0x0000000000710000-0x0000000000760000-memory.dmp

Filesize
320KB

Download
memory/5440-1378-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/5440-1379-0x0000000000710000-0x0000000000760000-memory.dmp

Filesize
320KB

Download
memory/5440-1386-0x00000000001D0000-0x00000000002AF000-memory.dmp

Filesize
892KB

Download
memory/5524-1409-0x0000000000780000-0x00000000007D0000-memory.dmp

Filesize
320KB

Download
memory/5524-1392-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/5524-1414-0x00000000001D0000-0x00000000002AF000-memory.dmp

Filesize
892KB

Download
memory/5524-1416-0x0000000000780000-0x00000000007D0000-memory.dmp

Filesize
320KB

Download
memory/5620-1364-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5620-1376-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5620-1365-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/5620-1380-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5668-1439-0x0000000000B40000-0x0000000000B90000-memory.dmp

Filesize
320KB

Download
memory/5668-1422-0x0000000000B40000-0x0000000000B90000-memory.dmp

Filesize
320KB

Download
memory/5668-1436-0x00000000001D0000-0x00000000002AF000-memory.dmp

Filesize
892KB

Download
memory/5668-1421-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/5788-1316-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5788-1315-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5788-1309-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/5788-1308-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5788-1317-0x0000000073EE0000-0x000000007405B000-memory.dmp

Filesize
1.5MB

Download
memory/5848-1383-0x00007FFAB9DB0000-0x00007FFAB9FA5000-memory.dmp

Filesize
2.0MB

Download
memory/5880-1450-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download
memory/5880-1448-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download
memory/5880-1451-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download
memory/5880-1452-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download
memory/5880-1454-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download
memory/5880-1453-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download
memory/5880-1449-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download
memory/5880-1444-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download
memory/5880-1443-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download
memory/5880-1442-0x000001C3686B0000-0x000001C3686B1000-memory.dmp

Filesize
4KB

Download