lumma | 92908a08f2369d7db2e8d8851c819d9e3a2e4cd4d8acc85fa18c138b576979e6

Resubmissions

07-07-2024 13:39

240707-qx8pcswbjh 10

Analysis

max time kernel
300s
max time network
311s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07-07-2024 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

312KB
MD5

adcbbc67a38a4509c52879971f065b9b
SHA1

f690effb017d85d0e30844c8b0480a6456280b10
SHA256

92908a08f2369d7db2e8d8851c819d9e3a2e4cd4d8acc85fa18c138b576979e6
SHA512

0e923ddc3047140b1a9fff185c3d4ddb3846c63ec559c931ed362eb78ece02aa5eea7f1ddd59a726f88383fc0935d5a3e0e1ea02bc3c44baa66f9ddb09b61bdf
SSDEEP

3072:3iegAkHnjPIQ6KSEc/FHjPaW+LN7DxRLlzglKMVMGk:rgAkHnjPIQBSEmDPCN7jBMVMGk

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

https://piedsiggnycliquieaw.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Executes dropped EXE 2 IoCs

pid	Process
4732	setup.exe
3560	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4732 set thread context of 692	4732	setup.exe	105

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1064	4732	WerFault.exe	104

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648332372465198"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9a49ce3b73d0da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{280B4399-0136-415B-B1AD-9745CF9BCA41} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b34eb43e73d0da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
1508	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1980	MicrosoftEdge.exe
4380	MicrosoftEdgeCP.exe
208	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 2964	3536	chrome.exe	74
PID 3536 wrote to memory of 2964	3536	chrome.exe	74
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 4640	3536	chrome.exe	78
PID 3536 wrote to memory of 952	3536	chrome.exe	79
PID 3536 wrote to memory of 952	3536	chrome.exe	79
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80
PID 3536 wrote to memory of 1272	3536	chrome.exe	80

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\file.html"
1⤵
PID:3208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7fff90d09758,0x7fff90d09768,0x7fff90d09778
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4640 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5124 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5552 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5532 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5508 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5956 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 --field-trial-handle=1836,i,9656140051773338741,8796242285614650004,131072 /prefetch:8
  2⤵
  PID:1404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4380

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1556

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NLoader\" -spe -an -ai#7zMap2571:76:7zEvent10767
1⤵
- Suspicious use of FindShellTrayWindow
PID:1508

C:\Users\Admin\Downloads\NLoader\setup.exe
"C:\Users\Admin\Downloads\NLoader\setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4732
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 184
  2⤵
  - Program crash
  PID:1064

C:\Users\Admin\Downloads\NLoader\setup.exe
"C:\Users\Admin\Downloads\NLoader\setup.exe"
1⤵
- Executes dropped EXE
PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
675cb66bf44402292c9f513e881cfb31

SHA1
d386b8b985974dbcc333a5b4c4d6b249a7ba649a

SHA256
d34eda46ca4c4455ea9ab8434b3306eabebe0fe1eb4742d10d0d7e3294e31025

SHA512
9891cdfc97ffdb629392f22423daa9026265bf38db0728263a3ce41e2357a25e50577cf81ca79570915dd0fe4e43facdfd97b3165e3fdd80b4d6d3c910aa4c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2b5df01b26477ff9_0

Filesize
280B

MD5
7743af603eefc76fe3a1c78516d890e5

SHA1
612608d52d2fea8962734ae67fccfa5a7b172f55

SHA256
ae121306e76a3407fee8fe8fc7267ffbb2fcb6efe608f49925e4cd7b86825c76

SHA512
4026ad87013fcbcd3da17ff48df68cf9f7e3cb4b2312f7be80a6fab7a580f9f0d4c769ac5e4bdc6c0eadadab856f8c8e8fc76f60d9a339606af814607089e275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e7470fdcd62e9df9_0

Filesize
19KB

MD5
97a55b5466ff967813d27a78cd183147

SHA1
ef284270e7cea56465924f896790050f7c05860b

SHA256
fe0d1d937733243581a9681bec824ef2bae0992830d350a1624d84c84a40f8b4

SHA512
fd2c04d3ce732731b889af593da97e216306cd206b787a6b6779812913601e10ef5f6cd94764538e35912bea722d94b19b4fcbfb427f1e0b30b616d770c6e5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
cf2f40d54dd96ef75c50e29f5bc18387

SHA1
d5ce06d838926a4d30ad17d44a51f6d28bd52f19

SHA256
7c1be8246cc7b6f23dd89d803647eab423ce20941d4e0767129dd17e537ae6d4

SHA512
562d4d119add30414f4007e0c2472343e2a9f573ef4b39110a7bc38baa8e147851143f195def919df3906372c8461795a34d58cc10fb44cc44476169af808792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6adec274758399b42220245fad9d8388

SHA1
775bd1188bf01723de55b36619061450d049512b

SHA256
faaafbd4cbc51c031a36fd2eff2fd8e982ae00f7a65ff6f42f88b6fe68fdbd57

SHA512
db5fc9928437992129a2fe2f932898663b401596efaab5a7e15eab171f7d64fb968526283db8869b563d9f8011ac473010b7c9e8bb6a998cec9e5e511dc5b2db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
50346fd0e571f76c984b0ff610f7f78d

SHA1
af819e20cb15b7bf050d0b905f336bdfffa136e1

SHA256
cba1f98c763ac6eab4e21136c0593e227d4e5cab858a0fd9644331e6022ef761

SHA512
ea8cb1b37ce45f9f3120b169efe6d81404ef68b2055eff38931b127838afdde499b36e05601592a9d7f3cd29b8523268e0f3d34df5de1a919c36533931c05809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a713b34723862e156077c2845edc54aa

SHA1
ef2b81250553f9aae69832b3bd03bcef19923e02

SHA256
d3f815213bde46711976065c3371f393352d6c7f916c0ba359bee93fbaecf9c0

SHA512
6a24b22fac2785ebaee44fa26b52a2c20459bcd22e516a96573e65098d0764f40bbde880f30fb288bf2e8cb94e607a494893f24028d3ec5420b1abc7e9d1114e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f1a18133b570bfa6789ca2a746d595be

SHA1
e4725074eed684b7a269c388eb6b714ef6ddd7a9

SHA256
ec19c0b9f01e2952170519d62f2612ac9a60cd71b549275bea569e460edee48e

SHA512
bdcd8fa71a7277e70e3b967a12013405387140f9b4a7585001e93d9b7c6625e1e3f522a9574c47fbe0258ba27ec91cba1511249d77d3bcc17093305ec9f51ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cd93709168952ecc27121f96ff9ba3cf

SHA1
2df8551761b8e9dac83b94955b8ace5f2e089af1

SHA256
adf3a8018904ebe1523639b47a2f7fbd0219be3b2cb45afb14c4594c303ce7ef

SHA512
bbf2ab74664d330c98192a982a2e06c061c8a1ffa272052305be2df248ed2b60d40db1102ea7f79cf72fc96713da68e83170f2202576a875c22c197397865cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
192KB

MD5
3b5b5d55d0f1101d56e5230b265597b5

SHA1
c05afdc2ee000f41c76060f996bb7218db74f360

SHA256
3c8879a5cb64f883ec6fcd07b872bae00eb731a8be87ff17fd26babf6697ad7e

SHA512
e17662ec0c3a99eb64ad62cd4a4281d247bf242414ee0fa6f0ff894bcc6532a810d42e227e1fd3d0eeff516e01dde76822fd5947bf7519fd7a6dfdc542cb2acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
32KB

MD5
88d841382140cf696ee89912c6f91bfb

SHA1
b476940aa6b66568ec63f0ecf3a3e5a627602c62

SHA256
d11879ef61b9df5b352e6887e54c91266263a4dfcd84925a57075735c9f848e9

SHA512
f5de494eb1301915569acd8bbb087e5ab58ee20586ee4ec90c22e8fe14709316f11cc2c9d3709d10c4ea14235c6099f7f90f548bf622ff606d719a9b7a3781a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal

Filesize
20KB

MD5
247edd001688a700242ac9182b6ae79f

SHA1
28a538379bae4d4635eca6254d5943b798c0c2ab

SHA256
332e65be9cca625d9dcbce37421733fb7320184039acd2ce2a4022908de5ada6

SHA512
cae40e132ff6a20affeb022149950101b77822dc917195fa00cf08a8e95f596078ce37655bc8f14388c9efe2748950be54337dc0b241e296dd8596cdf6520db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
e8e1be621335911a2d7c376df3cb752a

SHA1
a8e838d86ab8e5c6089fc8f0b675d05ded1669a7

SHA256
43f167b881aebe165f34d7eeec07996d9f883d31d2b21344259c00be504fed57

SHA512
a4729f6d79b0b92743ffde1a7bdd3fd3268c25184c4c99172986c96273a1b91f58b1258efa6f4c64bffab11860e5cc8d76baf66afce18e85b949198e0e0cfd9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
16439b31bc94abe0d791a84dd275c935

SHA1
25ace754c4400654beac07194fa769604343ca99

SHA256
b38f34c447091c2c5aa818909c24a2754004adf1ac4b7f647cecadb6523f9e16

SHA512
28ab748965d4815c1bc918abcffdbbd78e4b92a36b960e1ada4f99a0856a6b6ee137a4091b195b8000a7181669af278d7626bff7b70185573d5a2df0a54f21f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a3ad0497990cfe25a8e2202d5ba92a1e

SHA1
f41f28bfb6561d25b275fd48e9c14f9eaf849596

SHA256
c0085f95dcbc9e35cbc8cb6377ac5f815c4ccfdf80a725d3b87082024969e016

SHA512
2b3cdf9d1b380a384cf4cdf3440fc823f9080af78f4c41e62d244b036659b03b4183fe8949b1970d235fde4d13240bc3bc8da52e345234ae5d7d25639fc1fc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
a231585e2952cebe674d10db2236beca

SHA1
2aa5e55687134bf0f0d3025ab54c1a3c56ea2e4c

SHA256
3085f08cdbe0555054ec15494b70e4a63094cf03799633a9253b41bd99a89942

SHA512
2b1431ec9d21d76fb2b1a334023863c39187b45f95b92afde9b2cd09348310a25edfd0623f11dca63e5bbdae2005bb74fb119e42d40ccc40fea259683630fa07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aef34d1e6ad3dd27e6507d3390cca65f

SHA1
7cd672611053dc3f1075bb6062eb7190627813f1

SHA256
760654662cc72d5dde4b68ae736b091e09d3885095291eec55e27ae4f5dc7068

SHA512
c3c680661e360f18e53f105f00f20af64f5ac3875edb2ff6314e3d5add7bb3358bb286e10c2d79c02942bfee209cf8a15d3c69a0ea80cdc27867aac45e589caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c2b558bb8059b62c3fe10f24bfc28ff

SHA1
1c330c79920c21dc9dce90bed2143cb1c4962168

SHA256
f63ba8561d49ed4e65003523b3eb8d3664c45d1e6ea652364d559101da487542

SHA512
811afa3a93f4c2d76de674133fb331f23dcf87ce014c4d7eebb360f0c36f0884bf9003cdcfc5ba7480c152352d136436ed5941b5d732ae3a144af625b86c03e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6c7e0d45727c0c6622dbb58570f5f8c8

SHA1
c507e2862436bf368c63cb58e9b7af2734a41d35

SHA256
893c1d0695253828b32bca00dedaf039e0737323f600860bbc23346d6246dca3

SHA512
9ac86af7a22112efde0b0781199fe3831b955d9e1c21b4e47b3503d20ab6d1117d54b6bfd584d176f1e0dc88419dc3361aff95d2b4682947d96ca6ea6800da39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7da666cbbfde537f93e51ca77701b276

SHA1
52e8fc313ee66e7c97d0449401914db65a41332c

SHA256
f79c48d868001ae9a3035fa3e5482aa50d50cac1d3245a700f7aea5db55ddeb9

SHA512
bffda8099ec78002885e8b0d7ce0fbf88d6a5c29c75d261f40b33edee7da7f4f83262ddbbfc12ab47c8b54a086fa1582ec41e4768c5f5043f6139bc36340a2ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0e13f3d87a92b7a1d12f3302452285f7

SHA1
ed22768572df62ce5591ca6d464683c851fc3c0f

SHA256
1eddd096af3144dcc7e7bcc09257b527a43f706ae879640675f1b4704080ba85

SHA512
01dea71b36c8582defb580bfb78fd0fbf29eb3388e0f01e6fe0909f6a32d71ca2d53fca1e17ddda71a2d58a3a87ddcc0e962918d35ea078da64b33e1a6cc7395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22e3f811a189c40d55ba04d9e07e5230

SHA1
6a4102c51991a596103ace0855cab85942a7a7c9

SHA256
65c1b60b44ca0777aee546cc3d12f0a32cb7145715a8d49e20c6644845726a2c

SHA512
e883d6db57a0194bdee2e8826d85141e72227a141e707ab0647b58d3c6bad193b1a58c32f3697a7c6226f0ef80847d0a27bfe4b0a3ddcb1f47d09b6b0f4f8585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0faf1fb0671a38d53c01447c62af577c

SHA1
98f37510dd3b0f1801690f4106779be807f03c4e

SHA256
6ab0972fa1169de25261bfd8c35331d7503a6648b5313970e80d5c8986629766

SHA512
6d2baf9a47b2e602be25553eca49861ec06c2fa3a8928d16f959b41f11c98ba9f1eabafa78ca7aec781899ecea44f6948196f04d975fdc320d47f626a5e708af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ffe0f7783a78079241d2fdf04a1b117

SHA1
a94d2c775b1eee4e05d6b8477f9308b8b0111c78

SHA256
4b17c1066c26fbcbb970c705a03895c27f617d898e6ae54d11e5046a2a768788

SHA512
2731c5e5cba6a8573da12869f0b0342b8d4c4b7851140b9f3b0e17c69e2a19a38cc3293d8856a0f24362bb1d7dc74e6e86a96548a0c273ccc45dfe5422b1d139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4d96ce123cb9ea3b1cec73e8b565db4e

SHA1
68999833e5d07ee8b0c16ce6527c0437e4cc4d30

SHA256
6333bd1610acf314f48b7964ca77cfcbe792552f783e6d18d0ddc14da2928cdc

SHA512
5e810ee54b4a4381ec82e452ffe1fc3de7944ab4efc4ada3b2663b09f3a326399a16cc9d725cfa5a666fb9614f67d5ee14613180546b6e1da993e346dc1001d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dd403428b6bb6890844bd023cca76af8

SHA1
67ff41cefd95d2a1788d4c0b3ff65705c1d81637

SHA256
d3982921e12e06db0749580a9fcc0b6ae4dcfbd39025cf86bce690fe0f6237c6

SHA512
2be109ab600f096917b9aa3deda2071ab0dc23427eec1d299b9e7f08b9786c5b9298509310560e17a4d730509916d293932e5856a9b4976fb52f6453923feeea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
1b5ea04e7b9cf25d8351dc6834c1e99c

SHA1
7e3c301b48618dc98395dd499bd8d7d3b842a7c2

SHA256
de1b6b34c8aa69cdd6ccac899e9accbea404b0f799dcf5b58f7ee212d0957e65

SHA512
20d2c3ca311df859d0295516855a64b0c47b6b95e1d0eaac745397983f49271823ce9480804f2b34b68b3e8170ae85c3b4769e0b5d4fa9fffbae2fed5cb28541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
488df1305b0288e8a77ace88b3811621

SHA1
c04a8c69d1ced87d2f78ba5bec8d767dde0acddb

SHA256
a05fb787371695525fedc19489f5c0a12676b1574fdf32f74d8b5e241736ed93

SHA512
aff771bb86362f4d756956d2e4869bf0322d9ca2a5ff2de3939e307030c9bba792c2d063b7e307f93ced303cb56ac05709492577372710ea20403601702d3d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
1021eaefdba66a3d22c2cd2cecdb1766

SHA1
cf05de521b3b9568996e6dc08893a19945f0f448

SHA256
66eb983bb26621463812293434cf6be3de340557de7820501684d297fd40dbce

SHA512
e3c4c289628378e84265ce8f673c7824fdeb61e50366879af2fb5fcebf72dfa11be55e3f9ba671ff396658e6dd806883c4a24fe83d04005ca2a962ed9e8beab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
4bc57e5a1f0841c83c04b46b0a2844a9

SHA1
6c56688371130e76134de2727e893aaa1b87edb1

SHA256
2c645d1cb993df563ae07c968b3119a35247750d9fbffb16533048e5f99243af

SHA512
6a5c0882131c55f5b34121424f23cd0928643e710e20181066e36d6a33b191ef0b65e3e8cc180c9a1cfd6187df0ce227c8603ff2ec71cb7c77ed36c82de8ace1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
22d9047edc7b70912c3114045bb77b09

SHA1
2c2ce2cc8ff4d69aaded2697f1e5aaf69a63aed2

SHA256
aa14c05d82b27627eb276f63881963d3ee8f981854662573f67a196959eb3ded

SHA512
6f070558f5bda2fcfd9f66b08cfa70777294419cc2c24692cdc983adf03b3403f7ac72a9d497dba3ec6d6a74b32472ce297e57989f5c5902bbef24abc607094d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5889dc.TMP

Filesize
93KB

MD5
5f8e0044d58f974e2dd2630003d3d79a

SHA1
64655a604e79504bf59103dea418f51adfdc6fcf

SHA256
28414e2ddf6001e8bc490027edbb5ae7f5f665ce187f03106d0ddddf5f276855

SHA512
fe2481fbca92efcfa95981002e5fdb58d6cf5565ff19846c3df9f7e0afa8a928c9b6dace67b4c0022aa61e1eb3f3b780e71f498468dc96ac0db444ddaf1b6169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\NLoader.rar

Filesize
1.7MB

MD5
873310a52766885bda399bbc52b96fa9

SHA1
04a50696fb3a5168290f9325d1aaac85ffb242e7

SHA256
b2cfd8889c30a80dceb83db4f93ff75b0b0e29df80c9275fcf83ff8ac4ec8936

SHA512
65e5b0e23217f9e1a3edae87e4ae61c76248661c01690c02bf881d39da21057ac146d6e84955505bc02f1ed461e396b43889f0d8fe65ed658b3f3ae4db48a318

Download Submit
C:\Users\Admin\Downloads\NLoader\setup.exe

Filesize
523KB

MD5
38dc1170a3fa3c61f389bda8badbb85a

SHA1
dde58d36d08465e3b68d00a9d003fefb5e86768a

SHA256
9838fbdbe7f5aa5cf504466689f78749b4bf3facf4418d9610fef591a54cc116

SHA512
201f185b40bdbdd92e0ffe6e5d1609a7cf549494efd47a6ce71d0acc1f4bb59d26db43fe2160a6e19a8ed8f0624e9c847f7cc168712379bbf2fa05ba3e722f34

Download Submit
C:\Users\Admin\Downloads\NLoader\setup.exe

Filesize
324KB

MD5
353f31e53dd4e8556f34cdf8b290509b

SHA1
c179a666859524023fe9804ae46f64d04bc84a9a

SHA256
492b4737423aca0c0923beb13edd064252dce70b31d07e813a7c64cf834139e1

SHA512
5dc1bece78c83b75ebeb83292e63c9373815d303d2e01eaffbdae4519863925b6dbc16c4d8df4d7f9cebfa977ff3f9806864f3fccae96dad624272298908725b

Download Submit
memory/692-522-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/692-523-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1980-73-0x000001D7C7DE0000-0x000001D7C7DE1000-memory.dmp

Filesize
4KB

Download
memory/1980-2-0x000001D7C8C20000-0x000001D7C8C30000-memory.dmp

Filesize
64KB

Download
memory/1980-77-0x000001D7C7DA0000-0x000001D7C7DA1000-memory.dmp

Filesize
4KB

Download
memory/1980-37-0x000001D7C7DB0000-0x000001D7C7DB2000-memory.dmp

Filesize
8KB

Download
memory/1980-18-0x000001D7C8D20000-0x000001D7C8D30000-memory.dmp

Filesize
64KB

Download
memory/1980-70-0x000001D7CCFD0000-0x000001D7CCFD2000-memory.dmp

Filesize
8KB

Download