lumma | hxxps://www[.]mediafire[.]com/file/r228em7lp5h780h/PASS-1234[.]zip/file

Analysis

max time kernel
105s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/r228em7lp5h780h/PASS-1234.zip/file

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

PASS-1234.exe

description pid process target process

PID 3488 set thread context of 5280 3488 PASS-1234.exe RegAsm.exe

description	pid	process	target process
PID 3488 set thread context of 5280	3488	PASS-1234.exe	RegAsm.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exetaskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exetaskmgr.exe

pid	process
3832	msedge.exe
3832	msedge.exe
2308	msedge.exe
2308	msedge.exe
6948	identity_helper.exe
6948	identity_helper.exe
6952	msedge.exe
6952	msedge.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

2192 taskmgr.exe

pid	process
2192	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

Processes:

msedge.exe

pid	process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	2192	taskmgr.exe
Token: SeSystemProfilePrivilege	2192	taskmgr.exe
Token: SeCreateGlobalPrivilege	2192	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe
2192	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2308 wrote to memory of 3268	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3268	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4928	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3832	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 3832	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1160	2308	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/r228em7lp5h780h/PASS-1234.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c93a46f8,0x7ff8c93a4708,0x7ff8c93a4718
2⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
2⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
2⤵
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
2⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
2⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
2⤵
PID:5280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
2⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
2⤵
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
2⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
2⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
2⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
2⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
2⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
2⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
2⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
2⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
2⤵
PID:5712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
2⤵
PID:6440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8208 /prefetch:8
2⤵
PID:6656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
2⤵
PID:6664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:1
2⤵
PID:6904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9852 /prefetch:1
2⤵
PID:6912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10024 /prefetch:1
2⤵
PID:7048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1
2⤵
PID:7136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10292 /prefetch:1
2⤵
PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10472 /prefetch:1
2⤵
PID:6248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10484 /prefetch:1
2⤵
PID:6256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
2⤵
PID:6460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11144 /prefetch:1
2⤵
PID:6544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10040 /prefetch:1
2⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10544 /prefetch:8
2⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10544 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8420 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
2⤵
PID:6344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
2⤵
PID:6996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
2⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14767075071188962783,3382623459178880193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
2⤵
PID:5468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7144

C:\Users\Admin\Desktop\PASS-1234.exe
"C:\Users\Admin\Desktop\PASS-1234.exe"
1⤵
- Suspicious use of SetThreadContext
PID:3488

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:5280

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
21e5d3e41684516b6e3e2a42564a9127

SHA1
608cff63fa6f7c6db6326f62a716a7c5fda8ffa8

SHA256
8332b60804062c51b6abaaac4ff16e4c3f525ef74f2cb2da5622c380436fd617

SHA512
14f10d42ac78ecae71de7e366c5b86c2ccba2b263276e16be0f802f52be873871fd7506caf37c0acf5082bbb4b3bd0b7fa9f5c5b46ca3e2da5a1808e5a3696b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
d980a9cc558405a98381a85683eabde9

SHA1
00f5845dbb42e35905cc79da9a66f484e8904417

SHA256
282f6dba7b66626aaa11db855546631c8586e2a16bb0452224848d46e66b3dfc

SHA512
f67399b00cc59f2834dfe0bc56370457419d4f847ae203fd5e8ccf985064374e2b05a5b21908b341a83055866290a00df5e1f8018f24cd3790e0c20b78c779d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
988a3a2c2048d2f7764700600510c180

SHA1
fca68a39bf1b6562e739eb16d43e88a46c2c6597

SHA256
c9b9dfa07ae02c8a0f65402a7b9d72a7e052c43490be7b3067ee14733baf2034

SHA512
394757d121dbbdf57ae9ffa319543ffd133899782886463e7d5586d5f6c071187813080b8d093c576028e5ea2acd06f8439894c72b89a28928d664be3e8b1023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
f6a2364decb32657f4f0ce68550af9a9

SHA1
0224725e070eb2526c60592808f8a8911ae72072

SHA256
6003f8e4acdb59e7c480518cc95d403c6bdf1e82e1a52eaae18d2940df09df5a

SHA512
51e3cab6360e6acdc0db6ec9f3fd22c8d413fbd449c9cb8e39737076b1256c8098bede8ac062e24980424c04a1479c780f9a33222a6de948c54e6ee542607a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a8bb77ba1507f8e9f7e9eaf60e55c9c2

SHA1
aed181861cc401ebb309b3284b5c296c4b81cc24

SHA256
0a595ecd55928fe875c3b0e8326ebc6db625d3843ce81ec173bffdbefb7d2ee4

SHA512
1e563ca6cf0f343c7a9d35629bc21a7354f5edc8073a6dfa453793c35dac2cef18fdfc4d48de0cbbdb002dc2192f97521f5241d3e390b243d9d6243c25f0892a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
500d315500b3e0536a29b3905b860140

SHA1
b1f991313608903d35b07f60799f1ae00d2dfdc3

SHA256
ef3e842a0888868e8eea7c1cfe429d6ca4165db2647e57ad75613de8a1da5214

SHA512
e84da8faba6a5dba9637dfbd91566c9d69dde673ad4c9007ed5bbfb6a9c621f3d730d546abc23e791290cbf92dd8e21b69952ca16527682de3c65f2172ffb40e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579961.TMP

Filesize
2KB

MD5
95f471fc5ff4e31deb11d37be63188e3

SHA1
c5f46752ba92d68837a3ed35414fe2df7c07e4b3

SHA256
ac94ae925bf87d7e974d44ede4e713927618d4b911b7d21b8b0b8532c55286c8

SHA512
ebdd244fd81d96a851f2fc81b0621a288d73a83aa0737ff0340d91988da79d2f8c9c984613f6b355232b6b29544e21cb7ffaa5b9fd63203a02e344269e421941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ddeecac4-6300-45b1-945d-0866e0833cbd.tmp

Filesize
5KB

MD5
0e8cc368db260f3e16127d9cecfbc321

SHA1
ba8faff5b8eb64e8761c5d8d227c7aad77b2fe87

SHA256
56864515bf57b8952ff44ada74dfaadb65a563941ad2e0df5a1437b427cd66c4

SHA512
c451b4533743599e526a43f2cd0d11dd12669620d73dd69fb9adb0b9b376dd7d0dc4f8c326f3b552d42e9a900ad452a82249bbfadda586a2ca5e7c8a636eedfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d9535fe968a56bfcbf731e68b074432f

SHA1
90a07e909af00713590c37b72841ebb5bac94091

SHA256
88e861ba552e725fbcd08af0f664c72707120f2afee38a47642c60f66daa4f22

SHA512
d94c8e252db003e3192d6c96caa0f939447e9d125eaf016d72af1065556d1c3b084dcefbbf4dd3c20b37c50b4d1e6cb8c9d3bd5ef0c2aa3e71067af7b7f19349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
65df5cc0d71fa2d3f3d9b78307aac2a1

SHA1
2f65279aff4f537f145fce0a055733ece15f414b

SHA256
1718a49673b8099ea99fb73ea06e58ba5e0ac0f3eb7f3f789cab64240125311f

SHA512
01ae05ff515fe94cf2f774bf6b095b6aa47c18133ee92840896dd2389c68023b7317476637ec2fa3258ceb651fd87b274675e6d14259f517ff7f04b521c274e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
587a98da3fc021954f08e7b5a96e5e0b

SHA1
a0d2e140f630707bfe20bacdd2493c514c0590d7

SHA256
f1c26c6c0b2f81079f6791e84281b8b3d250f85043b56a6b8616eb1825c85f0a

SHA512
674500c613f7b76a097105aacd861fc565dc94bf2e613bf40d2cf4cc5342a5603da173b0a9ea19dd54cc9704c9beb109f5c0cd451f8a36d43fd932fc00650c8c

Download Submit
C:\Users\Admin\Downloads\PASS-1234.zip

Filesize
12.6MB

MD5
d8e59d0543e2905a2d1709e84fd659e5

SHA1
ba4b0cb38866d9882b10c2a0749193abcb1859b2

SHA256
fbbcad1563503231947a5d12fbd2f2fa947989ff77a8fd96fdc20ebeb0d312e5

SHA512
6d3315f6ab923180c867e277fa83e372a511e8f10e2d7df7666c3fec85bf79bc044e99819bbe924550a6a7cbc1124532a4d5091c3628036148a9686c37e5cabb

Download Submit
\??\pipe\LOCAL\crashpad_2308_WJGBWRWDCBTLHCEZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2192-376-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/2192-378-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/2192-373-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/2192-367-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/2192-369-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/2192-368-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/2192-379-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/2192-374-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/2192-377-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/2192-375-0x0000024F43B40000-0x0000024F43B41000-memory.dmp

Filesize
4KB

Download
memory/3488-365-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/3488-363-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/5280-364-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5280-366-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download