Malware Analysis Report

2024-11-30 05:27

Sample ID: 240711-fq3vessgle
Target: https://ibf.tw/3Lbmp
Tags: lumma stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The submitted target https://ibf.tw/3Lbmp was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Delays execution with timeout.exe

Enumerates processes with tasklist

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-11 05:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-11 05:05
Reported: 2024-07-11 05:07
Platform: win10v2004-20240709-en
Max time kernel: 132s
Max time network: 129s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ibf.tw/3Lbmp

Signatures

Lumma Stealer

Tags: stealer, lumma

Downloads MZ/PE file

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Trust Launcher.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\5a1sgpgc.2vo.exe | N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A

Delays execution with timeout.exe

Tags: evasion

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A

Enumerates processes with tasklist

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 245366.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target | Count (consecutive identical events)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 4
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A | 2
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 2
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\622814\Stockholm.pif | N/A | 6
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A | 23
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 4
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A | 12

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Trust Launcher.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count (consecutive identical events)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 36
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\622814\Stockholm.pif | N/A | 3
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A | 25

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count (consecutive identical events)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 24
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\622814\Stockholm.pif | N/A | 3
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A | 37

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Trust Launcher.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Trust Launcher.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count (consecutive identical events)
PID 4744 wrote to memory of 3384 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 4744 wrote to memory of 4908 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 40
PID 4744 wrote to memory of 2160 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 4744 wrote to memory of 948 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 20

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ibf.tw/3Lbmp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab1f046f8,0x7ffab1f04708,0x7ffab1f04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8

C:\Users\Admin\Downloads\Trust Launcher.exe

"C:\Users\Admin\Downloads\Trust Launcher.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Roaming\5a1sgpgc.2vo.exe

"C:\Users\Admin\AppData\Roaming\5a1sgpgc.2vo.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Invision Invision.cmd & Invision.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 622814

C:\Windows\SysWOW64\findstr.exe

findstr /V "hophierarchychildrensfour" Close

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Figure + Giant + Realm + Weapon 622814\e

C:\Users\Admin\AppData\Local\Temp\622814\Stockholm.pif

622814\Stockholm.pif 622814\e

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13643065175078630790,1639979872713820373,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2

Network

Country  Destination          Domain                                                   Proto
US       8.8.8.8:53           ibf.tw                                                   udp
US       104.21.16.87:443     ibf.tw                                                   tcp
US       8.8.8.8:53           www.dropbox.com                                          udp
GB       162.125.64.18:443    www.dropbox.com                                          tcp
US       8.8.8.8:53           87.16.21.104.in-addr.arpa                                udp
US       8.8.8.8:53           ucdf4bb0a06eea298360c502a794.dl.dropboxusercontent.com   udp
GB       162.125.64.15:443    ucdf4bb0a06eea298360c502a794.dl.dropboxusercontent.com   tcp
US       8.8.8.8:53           18.64.125.162.in-addr.arpa                               udp
N/A      224.0.0.251:5353                                                              udp
US       8.8.8.8:53           15.64.125.162.in-addr.arpa                               udp
US       8.8.8.8:53           blastpremierhub.com                                      udp
FR       154.56.33.86:443     blastpremierhub.com                                      tcp
US       8.8.8.8:53           86.33.56.154.in-addr.arpa                                udp
US       8.8.8.8:53           103.169.127.40.in-addr.arpa                              udp
US       8.8.8.8:53           171.39.242.20.in-addr.arpa                               udp
US       8.8.8.8:53           40.58.20.217.in-addr.arpa                                udp
US       8.8.8.8:53           bgRrCYIpXQsqtNfiG.bgRrCYIpXQsqtNfiG                      udp
US       8.8.8.8:53           welfaredcattewd.xyz                                      udp
US       8.8.8.8:53           bouncedgowp.shop                                         udp
US       172.67.214.52:443    bouncedgowp.shop                                         tcp
US       8.8.8.8:53           bannngwko.shop                                           udp
US       172.67.146.61:443    bannngwko.shop                                           tcp
US       8.8.8.8:53           bargainnykwo.shop                                        udp
US       104.21.47.93:443     bargainnykwo.shop                                        tcp
US       8.8.8.8:53           affecthorsedpo.shop                                      udp
US       104.21.6.254:443     affecthorsedpo.shop                                      tcp
US       8.8.8.8:53           61.146.67.172.in-addr.arpa                               udp
US       8.8.8.8:53           52.214.67.172.in-addr.arpa                               udp
US       8.8.8.8:53           93.47.21.104.in-addr.arpa                                udp
US       8.8.8.8:53           radiationnopp.shop                                       udp
US       172.67.196.169:443   radiationnopp.shop                                       tcp
US       8.8.8.8:53           answerrsdo.shop                                          udp
US       104.21.44.192:443    answerrsdo.shop                                          tcp
US       8.8.8.8:53           publicitttyps.shop                                       udp
US       104.21.25.154:443    publicitttyps.shop                                       tcp
US       8.8.8.8:53           254.6.21.104.in-addr.arpa                                udp
US       8.8.8.8:53           169.196.67.172.in-addr.arpa                              udp
US       8.8.8.8:53           benchillppwo.shop                                        udp
US       172.67.160.230:443   benchillppwo.shop                                        tcp
US       8.8.8.8:53           steamcommunity.com                                       udp
GB       23.214.143.155:443   steamcommunity.com                                       tcp
US       8.8.8.8:53           154.25.21.104.in-addr.arpa                               udp
US       8.8.8.8:53           192.44.21.104.in-addr.arpa                               udp
US       8.8.8.8:53           230.160.67.172.in-addr.arpa                              udp
US       8.8.8.8:53           reinforcedirectorywd.shop                                udp
US       172.67.214.98:443    reinforcedirectorywd.shop                                tcp
US       8.8.8.8:53           155.143.214.23.in-addr.arpa                              udp
US       8.8.8.8:53           98.214.67.172.in-addr.arpa                               udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 27f3335bf37563e4537db3624ee378da
SHA1 57543abc3d97c2a2b251b446820894f4b0111aeb
SHA256 494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a
SHA512 2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

\??\pipe\LOCAL\crashpad_4744_BGKANFMONXUVVFEW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6c86c838cf1dc704d2be375f04e1e6c6
SHA1 ad2911a13a3addc86cc46d4329b2b1621cbe7e35
SHA256 dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb
SHA512 a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7702a6d8a83d7c8e97af977dd5ce72f0
SHA1 b83dee08857ccd460bcf06624843f549a25dd80f
SHA256 0c4985625ef9ae3fac4832ca767a6f72ddf94a8f3b80fc474ebf47a7a45b2bfe
SHA512 a622653973501e0c969890968442d56fddc9cc533785bc2c37fc31fe958cc5eb1bf938e5a454b65d982b975540e53d46c3e12afd59a95055e276c83a38764dcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\Downloads\Unconfirmed 245366.crdownload

MD5 6ee4d16a922c7c410c48a2d7dc55ece5
SHA1 4281072875fc6b223fe3be38f2164e873a68f031
SHA256 e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559
SHA512 bcc1e2bd218cb745751d28472cdf87b60f8341579552fd973feff7e6dac62a69b2504dfa5e98bdef13f1cf9966b823c179e3ac456104d41ed1d937c44e714a9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 455f867b8a9d6c68499340960065a079
SHA1 2f9c2e9c416345a494849d21a15e466b5c402a33
SHA256 237113ab4712bb7f3c7c2b1837a6c3043c5e7dade77e1a849f99f696b1f1908b
SHA512 1f590858dccb620bdc9475a337677010828e57d9bc0fdd7c2ea2856764f28337e549375121ddb864fb5122be9991e0cb4992ce723569ca13b43a6a206fb249ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e84260d473ea82cc2e534480c1e6060
SHA1 99e5a081d90be9fcb79fd98fced4114e980fbba2
SHA256 b351df20fcf5f68f26c1d7130793bf31c7d90bc48258f68e3212be16b1fbe811
SHA512 f3e8e6e914ba31472936bef018581b9648b1fe808bbeb1e9cac317adea4d7b4839973fa865c83e269cefe0a5e67f50a67bd7e390608450bf75b23556cf178378

memory/3224-76-0x0000000000C70000-0x00000000010EA000-memory.dmp

memory/3224-77-0x00000000060B0000-0x0000000006654000-memory.dmp

memory/3224-80-0x0000000005B00000-0x0000000005B92000-memory.dmp

memory/3224-81-0x0000000005CC0000-0x0000000005CCA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74acf0c5591546b844ac2ece9d406f70
SHA1 97f3365d9775ad436102ce2b9f4f82738e4ac494
SHA256 0028c1e232dd14c83a2435c55b13db13f841a8a670c4faa342e840571ade8700
SHA512 103186adf0773a724e3f94ff4d5ccf44535fbe020ab0a2781f483b1594582bb7800c2a6245966957a4590eadfd05e4bb7df6bc44f6d2a5f9c1ec90492764ea5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c32f478428f43b6a224ec916657d9a2f
SHA1 39642127d13df207a65fe56a33afa57a7f4d0c79
SHA256 e57738871f0f49b81a8d4b55f10a98981f0af63f1c0de97eb2e31f5a420f1195
SHA512 68c8f14fd7aa48186f3d98e2ea96dd6c08ecb43e01d1e30d2ef766e482e5c4606abc48093249b076789211da86b70cb701b62acd5d5814ea0aeebefa885f6e92

C:\Users\Admin\AppData\Local\Temp\Invision

MD5 dcd6244f36dbb6cb09977c90c3f08e20
SHA1 5989ff1e3ab91157e3cd8b9baa8256bae1255c42
SHA256 413373ebd5dc4adb95caa56c4f923f9b213357038a23fce617894cbbc7d4bb37
SHA512 9bebba4f6d47956643f335fd4ba308089af5219bf20ddbd8b53ab5bd4050cf81b3054ff53c93d4490c7fbbd1b42abceba2388f019376c46a8add5773c5315b41

C:\Users\Admin\AppData\Local\Temp\Close

MD5 fddd5bae9019ac4a197c26d8944bb5d1
SHA1 5460f00dcc6933fdc62553ab956e82b338972c8e
SHA256 6860467d64e2a7362de6e1c55e85598a86f9fe15e6c54f5ceaeefd5dc4fba563
SHA512 55abe3af6cfca3402982d3cbf4ff2172b6a552f626f980b5529c9f717aaae4df783afa820441a4a524cd4fee85af7a257b7ceeb415821445f17f52e1b17f2322

C:\Users\Admin\AppData\Local\Temp\Amendment

MD5 453f0ddf29f36cb5fcec3f426b7a7ddc
SHA1 bc81c8f56b09930b40e25a03bd4941f1143d0b6c
SHA256 dafb6fc32ceb25827d274e2ae8f55ab9ad725aabda56570a61b56ab2ead85296
SHA512 3756ba383998df8838e98931ce85e678edd56e002e5a35f66f6def30051564f7ecf0eb9a6e9442ff350dd056a7eae038abd8a411a7ccadfafc5aad3d893328de

C:\Users\Admin\AppData\Local\Temp\Aurora

MD5 a25452465661fb6f3a9027001a7c14d3
SHA1 f1d68c34717fcabd4d1666c114ce237b4250358b
SHA256 66d354ce428008d553566746da683ccf7b1879319b4e6029c1b3ac2b15c66aae
SHA512 0eb25915b1c55fd78a5260f70c3394d73756dcffe6eee86539828d05752f8f23467daf9a5cf651570494bd102e0c4c265fa358ef5b419451f78556ee6b9f7d6d

C:\Users\Admin\AppData\Local\Temp\Burns

MD5 3e3070d01e9a68967db526012a723e9c
SHA1 abcd6b9569d50cac6931e1463a0826d96bf963eb
SHA256 fbf73914ec14497be89e9e4ade9e295cc7aa6a5a0910a0943fc21c712be159fe
SHA512 ecc66b2f5cffa44cc52eda1dd9e1bbcb9cc5d26091d2a60e23966fe5e198317d24260aea666a68404618e0cf3c58c1325e2bbeaba0007b25f1dc2971d8714920

C:\Users\Admin\AppData\Local\Temp\Talking

MD5 413cf0d0ca1fdf9f2fbb5ba37568f37a
SHA1 48fcdc4aa18001251f18e86fbc24fcbfee6d575f
SHA256 c9a27bf0a0c40a5f205453a870eb48db476b2f737b9a96114f00ff3ceebc3f72
SHA512 085f63dc907f610a062adbe43cf09b9fcec17c52e3cae78e1e1675ede831e480eeb7bd725e8802d9258672b16cea9fd16acfb2a1e8becbbe13de991a8f95b878

C:\Users\Admin\AppData\Local\Temp\Frank

MD5 1c1561abe23a61fc6971de6bff07020d
SHA1 e9ca9aba0fb64ac201b12ac13addb6d0fd1397f1
SHA256 501e0d995c4e628c03f9fb7ec72dd8c654b6d13618e72c790e3a163dcc0a0c6b
SHA512 3e4a1aaad536d1828caaeba0f7f774cca44dfb24b6657c03e2e4e88b3fc904074a5a8c0c3cce22c9b8d1e055ba8b47d0cb24b2c481a7781516677e8bd587a42d

C:\Users\Admin\AppData\Local\Temp\Bronze

MD5 e63819404f9b7d6dab058ffdc4895e99
SHA1 77353c249c437550146c655b8566bd788f35cc56
SHA256 a007ae12a8f23611f64e253b23a09e664368b6e2cfb1160aafe38d26145532eb
SHA512 a7379b6a763d637be374c954a7ecc7f38c1b9802564a0f095384ac63d1a9287ead24d9b475d49506ce90a0ec4fe4a01e20a8f4921cdbcb89a0acbbe8dc21ced8

C:\Users\Admin\AppData\Local\Temp\Insider

MD5 d43818576168fbadaa89df997710407e
SHA1 b9018909cf7a8c3208b0819ac2575b20fcf13f7d
SHA256 5255752930a5b78a905850f08f2c0876932e7ebd38f7939c4d503566cc51ebe4
SHA512 adf0cb98cd49579f9ee6c6cab8ce0f13a012096289adaea9fcff95a24c59f9a9d6d9847a24603a48be727269982519ca78f89eca82ba00beab0e01f40097d1ab

C:\Users\Admin\AppData\Local\Temp\Aside

MD5 61c5ff2c456d6723243b5a92e5ac313f
SHA1 734c2eccde8c43fbfea9397f95d116aad5215ceb
SHA256 f835f0e90904f9753cf9082a6fa99fe4a91f06046bfd24dc7d26004248a43cd6
SHA512 6f732bc206b9a8ba2f57fd562f29481ac57966a1fc5df4ae6081da85db305de9b08f05aacff10145c4fb55513963035a3ac95ae57fee83e15a896ac43ff90b43

C:\Users\Admin\AppData\Local\Temp\Pins

MD5 739f8cde6bc9fd4301625c8617abecfe
SHA1 03bbf91e7a80355ed2a50e2dec6f222f83e822ff
SHA256 7ef482eea81ba12c367cd2ee1879fba072dc17a1b05be7b5533b886f23b8e7bb
SHA512 d303155dc840fa7f81a2555819e5a94ed2b911ad85a0732564fe060a83252f1eda50049c5bcfb85c4040aad2339e2a1622b1629f09ab4ae0e958c1c34d83ecd0

C:\Users\Admin\AppData\Local\Temp\Gay

MD5 e473cb4d32454de289570e72449b46cd
SHA1 b887710f9baebf5ba07a9bfcd620a7f2f12bbb34
SHA256 29ad8606520a87efbf25527cd0d22b92963d65fef45dace7c78fa09714ac0195
SHA512 e45125ea88cdb30af17761688fbc986f6d78441b27e80d184fd946e8c5dae87203d943977bfc077a974cae026f121c881efade3863c2e018b14b908df8b3fbfe

C:\Users\Admin\AppData\Local\Temp\Functioning

MD5 8e9f571afaaaa2312f5e902a8194a335
SHA1 0e514ab6750b6f4c00e5b828f57b68e4eb41e4f6
SHA256 d7d36c1fd43de3c93869f2015e29386a234faea9f9c3e2aa18d240834e36a723
SHA512 bf3be6b891b4b5039439ef6db81dd80f675dc834d05d45cd8f7bee3d2818baa59639289350abbd519451789b8864e5790b99cdd8602240a46098a9409bf2250f

C:\Users\Admin\AppData\Local\Temp\Hair

MD5 4c20543e6137dd6bb2189482b02ca073
SHA1 4fbe6d8305c4b28e44330d5ad3b15f94d487d79f
SHA256 217ada2347aab3bc1cab4efb945371e8102ea11be07248ec34c9d709e971d535
SHA512 3850126336deb39a22bc05d970b9129f0a485f06fb0a6db29617d9dfc497a9d2cd06f1509be30e532c4fa1e3bb0ae7230a03353ede2b059dd71ab40674085cdd

C:\Users\Admin\AppData\Local\Temp\Four

MD5 14cbdbd43de0b6d63c087119f4fdd80d
SHA1 e1ed33a79e9be261d5c68812d36e7c3860508403
SHA256 7102938b273ea82d8db39b5ff476c56793677ce175cffe72ab250bab3db97804
SHA512 05c5da429afa87bec26817e011391a54ff133aca29d0506af14c97a22861595c6af2e3d5f607124f2392b78af812a5cef92e7ed9f438aaf9215d264dcb5542c4

C:\Users\Admin\AppData\Local\Temp\Linear

MD5 347ea445947fce26069d1416df1231d9
SHA1 75bf8c7828a35b894519eb64593b9af4d05a7f24
SHA256 0ff46454fcd0acb98a0a65f44a7b9104d3f4f9bcf813dd669e0f4e95dd5a5de4
SHA512 3df4dc4d5bbe1fff0527443502458f1dccbee250a9a4e48df7b81d34b94da5f4f9436420bdb88bad8321d131aec759e8f92fc6af436659275aa6567d8ccd30da

C:\Users\Admin\AppData\Local\Temp\Hydrogen

MD5 25555d9adbfe77a93e02ed0aea4b70ac
SHA1 b6136ab724b57bb0ce3aefa49cc742ae34d694f5
SHA256 cbd0eabd3f26ca1ce25a3385a6b75b3fb49ed04ce6bbf63749e3229ddb527c2e
SHA512 685f62f68462f1225bc6b6cc434ac8ab85ce3e3a47eea24415b1f505098394381eca6b8a3f19138e27364bc693bdcb2f9c53090aa8bf4acea7be4539dfcb7903

C:\Users\Admin\AppData\Local\Temp\Chrome

MD5 0cd67281cc0f3992643872064ae936a9
SHA1 440d9eb5accd108e6972c7ba08071a4a75da17f7
SHA256 2bf63cdffa011a72134b8a0e7e0e152f53d8546bd768c96f422a525cd83ecf22
SHA512 98a5f9834245d89f05aef2077a5306bfda4c44aed16b8a116b1295bbfc248d1a9d9e06bd0db7e0fcab81dac9b4483c5728f7adc9bf608850b74b89a06c2dea92

C:\Users\Admin\AppData\Local\Temp\Completed

MD5 2974a3776121de0ff4af26b3a61f2404
SHA1 dcb283d4818bb93817f46073ad1134859aaf675e
SHA256 9f50b41bb9e5ba70cc52504397108fd09ea615f81648c53f5b639ee65b3aeaa7
SHA512 cfe74b89ea5e77aa4d1cd12420490e656e9790d6a741b479605e1d66ea0a82a8b9203277b9c71bfbe1599d7a33390084bb6e0fc59f5ce390bd32d1ad46b949da

C:\Users\Admin\AppData\Local\Temp\Builds

MD5 4dde4b052ded57bb35720230c2a1bfd3
SHA1 b963d77130b85c8a822a3760fc91ff826927691f
SHA256 30f1a95b9680f38d85b62710d4c7a5bdf9fb440bd82574ede85b93cc54f8e8af
SHA512 2350d5774297da327ae290b041a44d91cfdd79626a51ee4d461b85cf1046b9e348eb05e38930ac37818039570b7cfa88e0ac971be009c0e0116d66825bc14a12

C:\Users\Admin\AppData\Local\Temp\Ga

MD5 fc5b5c4895f21b3f1d53ab1ceb41b053
SHA1 927c30832191ff5b2ab98521f8ec42bcec2a5ad1
SHA256 7f37cc5de00dd606cd81cb98bc57ff42df2428cdcefcb6ff8f02cb6791a4b604
SHA512 786656a7e582395d649b58ad4b48a4782d378f279493a017b1161638f892c9abef8d6812af82a630e60d396a116fd061ac80e860e34d63f669d7da4725d7fcb1

C:\Users\Admin\AppData\Local\Temp\Issue

MD5 1e7217ae13ed72520376be8165ded9f2
SHA1 36bfef64fb0210ddac354fd6f9f46e9fd8aa73cd
SHA256 2aaf0e8af02c0bfe0c667cedcd37ca01adc56cd7591f3a8f0d4ffb79a35033ba
SHA512 e2d10df193367f9c088808a345b845cb92edd18fe276ae45955aaed6e3fbc2982f129d340f9e5f05f3823f400bd036f0aa7353d3349ade1a1bb09d8a96ebde7e

C:\Users\Admin\AppData\Local\Temp\Please

MD5 6b528946c33427972a15d8eabfab0686
SHA1 c1c877784d64b434de8fed5bc948536bd6311f19
SHA256 1256b7d69423a99ba7abbf92402ba1fd8ad4e58cb80bbc299bc48286d032cfd1
SHA512 2f1c2c5e8f8a94c023904e5f51d8c10111cec3c59fcf5dfd496e7cb8610eb412516d71405f0745961c8c101bf791ed980cdf1d5215a710b1ab738e436f6fe164

C:\Users\Admin\AppData\Local\Temp\Showers

MD5 962acba697097e36e2c65cd88226b703
SHA1 f5a1e30490704344d85c3e90c5ee612595874be5
SHA256 b5888f7da8149b258908a7b48d04f5f020a57622387fc4dfefc845e3ecf59e5a
SHA512 be764a1a73da6df738dc7b00fbfe86ad4ad0a8ec77f5582e0e81f203dc8b5e01b73cda7834d0c23f1d722ba256f2857ecb4e263fb8262ccdf8a00080f8dcbe1d

C:\Users\Admin\AppData\Local\Temp\Crack

MD5 ec57171d25cb585020d8cacddec8d0e7
SHA1 c4c31f8737cf02466e4c8ab36bf112f5ffc501f0
SHA256 f01c60c8a2e6ed32e58f5ccc2af697a9f7474074529adcd0f2ce2620db9c08f4
SHA512 b20c7f6edc5980c06534a8ea08a0077ab41ce07f91e8b4cb9858f8b032809a867bcf402ed77e917b54665c2712334be6af33fc1467fbe097bbfcf4b406120fbc

C:\Users\Admin\AppData\Local\Temp\Academy

MD5 616f8d3eb30081aa0206a7a65fff97cf
SHA1 c25f90bb63dc1f2078a953cf35dd46e0ceff68da
SHA256 11b40328101cf6cac85f825d8800e98a7c472f0dad428fb584c7379d663da9a1
SHA512 734ac4907825a83cc51c1501b5d024d5c2e41a4c0f9feda23732a0d38f5fd12e8e266d8e83462425f06e54bab359b1175f67987286b8dec41bc76176042cba52

C:\Users\Admin\AppData\Local\Temp\Doe

MD5 95eda64bc162b005b8868c77107b844c
SHA1 1dde05abd0e55bfabd55d2ad5720dba15003dcea
SHA256 0d1dda9cc11bcfad0877b168726e95c69aee15ecf32029bd32bf37df19b29666
SHA512 2e18168865520ed59fc8467b7099cb24f5b41b7a557f4e938f02018bba12095e5048bc36e07738d723c58091fe4ae6aa3121bb0409831bb78639f41f186c7e1d

C:\Users\Admin\AppData\Local\Temp\Extras

MD5 ca4270d699eb0ddaf60f97c8931bfc37
SHA1 5052bb712499b3f93ebb88b36ae07071489117c2
SHA256 2586c6793bf69b70fb7dc6e3c1c3dcb1392d18dd27fc757c52459de6d2b2ec25
SHA512 b7ccdd38b9a4e85d420d114ef0d0c588da1cd9988ac0f6645cbca9e7ffeef80b63f0d9eaba5f77f2a2113f2c1dac7b2ed00bb3dfc3b7ddfe14fe4d6ab5a8678e

C:\Users\Admin\AppData\Local\Temp\Figure

MD5 e4fee1c5de030b78acbfcf715ae5ad55
SHA1 217654be1469e0a54a663742115f0ecf8d31053d
SHA256 4bf3c79babba096fb1f6190857da49310f51a3b743aac3e64c14c995e90b3807
SHA512 e97e48f4f01f44ecfbe23150d72583850fb675bb2a936022c7efc69c88451cc4d42742a59c074f97f999c942d90557fdebde0e82625b34e9fbd81da8a332b36d

C:\Users\Admin\AppData\Local\Temp\Giant

MD5 5a95cd6ebb447b6d1458e19d54a1bea9
SHA1 0c6b6436d1033e97fb469279f39b877a47f3e74b
SHA256 b94db5888d3655d56369ec0fad7f767d3e35ecd7d115544dd520786403cf8cc5
SHA512 040832ac89d1f540ab50c7042d3df3a20ac4d95f8db770b4de3c156d19ff42736687160d4d7ffca9df5cd31a5fec442b4a92f1fffd36d7ca8ac691581a2bff51

C:\Users\Admin\AppData\Local\Temp\Realm

MD5 3c410e0b87de4c6d20454567bdf3188c
SHA1 d18d0cce032454672c7e241648b981764c9689c3
SHA256 b9a2616461913d1198b81bdf59bc032fb8a0dc64cd1065a3f923dfeb51fef6d8
SHA512 a1c4d2a9c9062f83c4f02aebb88a89685ad06de099a4636d7a244f289e397da9604ebd8c4c0e1eee86138d88d188168c3dd4174e94259c58bd524999527c9879

C:\Users\Admin\AppData\Local\Temp\Weapon

MD5 a016f2931a9c72aef52e32f77ea02c5d
SHA1 f2ab1dc6f41f655f191a6893913970f0a2e153fa
SHA256 d2bb028bd1d52358dcacea6d6ce33d8c9361342b64167fc1d89676471520bf29
SHA512 1985772d2cff33887ec89852de4bca48a38ccb9a3aada653ffb4edc4c9b90fe7d0963b606806759e200424b4b642bb4982c6e007d6bd4dcb40b973ee5abf86fe

C:\Users\Admin\AppData\Local\Temp\622814\Stockholm.pif

MD5 b06e67f9767e5023892d9698703ad098
SHA1 acc07666f4c1d4461d3e1c263cf6a194a8dd1544
SHA256 8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb
SHA512 7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943

C:\Users\Admin\AppData\Local\Temp\622814\e

MD5 65ac9eade3494b6424b2d31ba75be325
SHA1 767e2fd28c8363fc4775aa1dea99200f390adf13
SHA256 3104004ba01526e82382f0fbbb4eb659e36d074a8caab787b84bc1f92a0316a2
SHA512 76273e30f2da05791506c7758c4b4a29f5a4410428ec4ad0c3d7fd888bbcc106a73c40945fc16e814a2114ae56baff1e39c0d01102cca97b33ab05d46626f5c9

memory/3872-563-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/3872-565-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/3872-564-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/3872-575-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/3872-574-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/3872-573-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/3872-572-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/3872-571-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/3872-570-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/3872-569-0x000001EC9B140000-0x000001EC9B141000-memory.dmp

memory/2700-576-0x0000000000230000-0x000000000027F000-memory.dmp

memory/2700-577-0x0000000000230000-0x000000000027F000-memory.dmp

memory/2700-578-0x0000000000230000-0x000000000027F000-memory.dmp

memory/2700-580-0x0000000000230000-0x000000000027F000-memory.dmp

memory/2700-579-0x0000000000230000-0x000000000027F000-memory.dmp