lumma | hxxps://sourceforge[.]net/projects/black-myth/

Analysis

max time kernel
125s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27-08-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sourceforge.net/projects/black-myth/

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://reagoofydwqioo.shop/api

https://interactiedovspm.shop/api

https://charecteristicdxp.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma

Executes dropped EXE 1 IoCs

Processes:

Installer-master-BlackMythWukong.exe

pid	Process
448	Installer-master-BlackMythWukong.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	Process	procid_target
5584	448	WerFault.exe	141
5620	448	WerFault.exe	141

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Installer-master-BlackMythWukong.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer-master-BlackMythWukong.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exeOpenWith.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 54 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exetaskmgr.exemsedge.exe

pid	Process
3676	msedge.exe
3676	msedge.exe
1848	msedge.exe
1848	msedge.exe
452	identity_helper.exe
452	identity_helper.exe
3360	msedge.exe
3360	msedge.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

OpenWith.exe7zFM.exetaskmgr.exe

pid	Process
5744	OpenWith.exe
1376	7zFM.exe
6040	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

Processes:

msedge.exe

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

7zFM.exetaskmgr.exe

description	pid	Process
Token: SeRestorePrivilege	1376	7zFM.exe
Token: 35	1376	7zFM.exe
Token: SeSecurityPrivilege	1376	7zFM.exe
Token: SeDebugPrivilege	6040	taskmgr.exe
Token: SeSystemProfilePrivilege	6040	taskmgr.exe
Token: SeCreateGlobalPrivilege	6040	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of SendNotifyMessage 59 IoCs

Processes:

msedge.exetaskmgr.exe

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe
6040	taskmgr.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

OpenWith.exe

pid	Process
5744	OpenWith.exe
5744	OpenWith.exe
5744	OpenWith.exe
5744	OpenWith.exe
5744	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 1848 wrote to memory of 4508	1848	msedge.exe	84
PID 1848 wrote to memory of 4508	1848	msedge.exe	84
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 2460	1848	msedge.exe	85
PID 1848 wrote to memory of 3676	1848	msedge.exe	86
PID 1848 wrote to memory of 3676	1848	msedge.exe	86
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87
PID 1848 wrote to memory of 3784	1848	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sourceforge.net/projects/black-myth/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc49f046f8,0x7ffc49f04708,0x7ffc49f04718
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7470782385921432241,4330115026165545422,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4176

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5744

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Installer-master-BlackMythWukong.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1376

C:\Users\Admin\Desktop\Installer-master-BlackMythWukong.exe
"C:\Users\Admin\Desktop\Installer-master-BlackMythWukong.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 1148
  2⤵
  - Program crash
  PID:5584
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 1148
  2⤵
  - Program crash
  PID:5620

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 448 -ip 448
1⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 448 -ip 448
1⤵
PID:5604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
93KB

MD5
de68d3b9210b4e656b232ab278c9ea6c

SHA1
1f3f003ff606328fd4e8af92bce2e91fa5cbf2c5

SHA256
5fc71f5eebca4c5a7770c3c6839fad5f4646720a238d69def5f63d1a5b5e707a

SHA512
f37071ba97c479e9655d12a9fd363cf8a7d3d32b8fcac6498fcac257fb980c36cc37f71118bb40b21e45233806c705d395d711fc23c9cd5a6c93616994f73692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
17KB

MD5
0c6e9210620b1aad072cda6a4abbc2c1

SHA1
c1c94e6d221380ed6d4653a868dcaec2c71264e5

SHA256
2abbf4a08b670f399db91512e99d8510f63f1bbc03357ab409a4d8fe32085e22

SHA512
16c486052e59d875cea394ce1b8fab78eeb0da136fab992164d0ab874b65f88f9c208d3c02aa35a83fa0fe1bbd93581c7551d37772e2acf4de0d4783402df81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
18KB

MD5
8f836ccb46c27b76dce2e37ed28a7745

SHA1
a7958e27914fff29dd80c300d158752e1900e4d4

SHA256
79d0ea2c357ca32b3e51f5bb20629033efd31778e2f70a2f50dab7f20f921590

SHA512
21a4080e3ad74ae1b494630f0b0dab4bfdc4efc0a4d2df4bf2ec6e0f4a15680da09d02c6e003deb4e88692205297006b0b946c544a11a786e61230a214e6530b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
18KB

MD5
4e33bbf96eb422644eaee9c5ef68ce89

SHA1
e1f0c0ac49eb6508eca9fd132ad20f12990c6c2f

SHA256
dc41935a92d73a94855b7d975069cf6ba6880aedc4dd1098034ba51199c652cc

SHA512
9ba0d659c5945899417bc097fb53d39be5a1c90708db4a03134364c31d325635c91bf6ceea86d77b2514c27086573db5c4ff2a0c061f1acb9661b86942c3cc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
31KB

MD5
7e84326b569ca7a6bb3f265c34888d6c

SHA1
48e75a44df4786f6c33ee2c596271aeb5226f62d

SHA256
f9250c40691d6b185f91506c2c77198e8ace32a6a95f8ba0a97e8e0d369a8ddf

SHA512
9c27bf9db64de27f3ff1301fd01ce6df000ae482e8c4c448f6e577b85dbd449222cd47bc39bfa4eabfa808af267f309f5ed9edf4ea742ab3860b5bcdf561c005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
148KB

MD5
a85641dbbc2e737f08a83875d8e7706e

SHA1
6e4acbef413babea2733c3c689ccfd7788e2091e

SHA256
c274acf372114f67c76a61b7df530b657e371997ba617b000363342c0abaf3db

SHA512
9b967a390c47d29be598ea89691f9944927ce2335bd4f296402055b9432941707e2a22672e55d5d6684adf0f2e46506749585b51c53b05631e316065af3916c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
63KB

MD5
34d5015941e4901485c7974667b85162

SHA1
cf032e42cf197dcc3022001a0bde9d74eb11ac15

SHA256
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

SHA512
42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
20KB

MD5
98f7ded41df9df121c853574b3e7f15e

SHA1
c33dc8e6b84300e1dd99600e453b1c1103719410

SHA256
52dad93b12d78578fb838e07303cb9f137cc1f46a9fbdc8bf4bbf1ace762555d

SHA512
de43441f031169efa3dd8ba99d9735d72f07272c159a505634a53a5cc34cedf7530cbea6aeb720e69c91c903baca27c271fa8288c97c9c4541aac74821118d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9ace0e65274b404e8fbd87950b9ff129

SHA1
0d501c993f009fa2c0e421ed4ea7fb2e3798ce1b

SHA256
2a96b7f5f81f705d4a866ea2810aad028e89d7ca66d1c6e9bf877f50e0edbb26

SHA512
028044b52b2968cd412a20b4f5cc94039667896ab044e53153e21fa83593dcece884a04524a1dadeef1c1818eab71c8c33dd28fa3fb062ef519a4049b6a6a36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fd63bb650cbd41290d1893bb37555e07

SHA1
99f4b6f53acd7999db5f317c55e418af03d6ecbc

SHA256
e5dbf64848f245aca4b0f2497625c234c9c97e35cb664a03955df781797839fa

SHA512
1192b9f1824095542e765b324f9f5d9182d229a01cb2227f8ea0bd8fc7ccc346dceeb735aa571b318f64150560c01b2809c9346b22076cae3394f48d3b76cea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
70a3494cafce9820d22dd457c1824572

SHA1
062098189e1ae029dc9bbec2199ccc6f6945e4b0

SHA256
8d8a26accd71618d2bf7e83b3afd62ebfad5795a616c3f976a628c783e11f8bb

SHA512
82364d307da7a000de2ea598615e7e79be09c54608d3981ea47391df5adcb1d40a67eafac9e3da352f5ad10894e84508af73254512593d28fb3a4583031b3a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
527148fb4c2bdc3adbc8aba2ecee7608

SHA1
fa153261845c62371955870f6eafdeb3aec95145

SHA256
3317b248179ff92c74d388af063c4281be2d0641abfd4643fd20f322037840af

SHA512
d32cba5dedfd758100432337514941288135dec32a3f83d84d47eaa00a197652e3bca6a99ff80ca56d5af1b1816b1ec780dccc53f06ec79ef91d50ffa507b788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0eba3f99fdcceea7768c6cfd16abbc9a

SHA1
06cfa18e3aa8ec091ea73c58360c2a1145bb2fdd

SHA256
e5e9b8231632ba48395bd4365bfa99f2ea024003b9276adb0df501aad993c6f3

SHA512
e8c9971d15fc61199f2b737a4a495f0f24da5d6659dcfff6125e3f67fff71435cc04bc424e2e31f464a3760c60b5e8c5ec7290e6d2606e811c5876073ccbd2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
256e8fd9e04bf223e0b80725fdfcc76e

SHA1
53f5550878c2db717912ff8eaca79909601121fa

SHA256
e0cd7eb45461c42ef33954cd9297d299cca34cb86df8fabf7ce092db0a95d401

SHA512
d746b0dfeca29cd3c4d0cddb1a07ba43466a1d0d081a3fd10b966b91e52f962c333070c387ae3293c4fe091eb92a8296c211bb503a3610f8f2696ab5e9b91661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
da8de23787da06a960346f9778dcbf02

SHA1
35904ba2d7b0b76f43b89a8e331bdb2104cb33da

SHA256
cb619a1916c2584eb362c39e6722a3731863742d55e4cbb44c8e442839a8ef87

SHA512
82d2b7f5fa395d37365d67dbce9d72f03a311ab4352280a06193b813cde0dfc9887022a40823a67a4e4a7c5197b646d99ecce3f07922c55483b9b471738cc1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1d03d95cfdaf64adc77c52102823d690

SHA1
6c51fca9cebf6a9cf60f535d9f45febb6a6686c9

SHA256
db15aec33bc43ca6308007a94d4dc4d741f36acff2514432bfd08afd7bab339f

SHA512
4a1b1ba52214eadc85b6d77edc844f79cc5d5611b60cd028e0468ed0ffcfa0e3cf5110011d19379fb81e74e81d33d5ac55e881094050712b5b70627cdd0c64cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c40a93ffb52f953cd52577205ba66c73

SHA1
ff873f5acfc4497eb1a68cdcf7c1a55a132c63ca

SHA256
dd65b42e4831c9c08346f61e70e40c2700aa9a668efe725d1b4ba8b64390c086

SHA512
bcbd01d8ab59873de5e8f2655ac20deefdc129e29d73543e5dc1643406581d516fd5bb22aa17e4f2a25f5a0524344629d952e70aa99d3c192bd571f68e31aa16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
c06a2149de5c2ba6e2ac14431ecdd444

SHA1
e8a8a3d35c0d286f1d56c1a6d8596e1045347165

SHA256
49c97050e3042a7b0fcb91f9d15571661cfa02ad0483a7c11bb0e3f54dfa6d99

SHA512
c1b11d5b9206d2aeda85ea682bcfc443519dcb040e8dd9e4a09b2b2e472c5d3e4af4760111acaa049fb31c66ea6adfb181f0ac1ce1791bfe4b69c5d9a95d5f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583822.TMP

Filesize
872B

MD5
a801d350cb07d76c69bc6b325277c903

SHA1
10f2d5c52f5dfc23e64a20020d8fd9e7a1d07182

SHA256
e7e76e2b5805f33447655d86b48203b156f45d5813dca75ebbd9407fbb77804f

SHA512
1645fe7b8668513924587340332e9486448e090bd2722ae9c186c4fc996f80b8b36bd29b9dd66b0a62cec96d9d85d03fea1366a650a8b4edc068ada6a79e5995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ed56bea8-ce0c-4850-9e01-f8c6d203f329.tmp

Filesize
872B

MD5
ca6738d1e8040c2f7e6abd9f52debf33

SHA1
ac842c88c651ea812f977861bea6bde213ca32db

SHA256
36ae1148fc153658106d01c71339bfd3f4f76d70ab37494d2a92d3dec840d775

SHA512
b60901d0f3c528d94f2b70b8cbb6522243af9b11b21962d7e3362d09a4b52080f66562678967176558b5dd8797061637cb08e2585270f90704f0b3dd75d2d2e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed1e1728b187c94ce63429202370ebaa

SHA1
bd096c5b5507af041c88b70851dc0277933f194b

SHA256
c04de040d08786b2b28f131524e6ba0eb83d0fdc06e4e7514c46a534518c4382

SHA512
bc3f1bf2b56ae480d33a8da002e168b78eab92ae152216ba4558924fa8aa289cd3991a866b6056ca6a2174cd95dd1d5e7efa875dee41b57249a48196ce234e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6fb0104367b26b2aacf90ff6062d1f7

SHA1
9feb995df9fee8886bf360bb8e43e79f88c2cbc3

SHA256
e640c5884a001b37c38c7d65154c5ace4c34a5d02206a1487722806f9fec6e9f

SHA512
eeff7d85318a49d1349aab5464b27ef58bde8943491762877b0107ceaadd83667dbd928ad8625d489a2103078f39eda2effcd82ebc9116f640d183d87f411b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5c00bf5c5d0a5f69c48a272f69d72c3d

SHA1
bf24a652f93cc4c3c1edea556833a48e8af29488

SHA256
6eaf2ffe2dde1ec1e4d7705e7686b4fa425d01d0713181caf25d66c05a41a49b

SHA512
2e79e2a9271db1796680292b567763e7125b2d8bf87f12a709ed92191fe45a5071c3fb61cd3682f63c941ef7b96ab240d23efaa362428f7016017a9cb252cbb8

Download Submit
C:\Users\Admin\Desktop\Installer-master-BlackMythWukong.exe

Filesize
27.3MB

MD5
89bb07ba8cb10736717b02985c2f75be

SHA1
13b0b624efcc3f88b05a247670525511e7214f71

SHA256
d0d4a4b50f19ba8f85cc4726261baedfe3dfd613781f8deff3010e2dbdda0321

SHA512
62b84b044b26b9cad46fbbe502b1f3885cfbed2eb407c2864046b57eb13a6a5356194ea31ef6cf43e85291f0365d19a47377eee98602fb54a2be8bc5311d937f

Download Submit
C:\Users\Admin\Downloads\BlackMythWukong_MultiSetup_HPSupportSolutionsFramework_13_0_1.zip

Filesize
35.3MB

MD5
4678b82e0a09feb93ddf7cc1c0ecc68e

SHA1
bcd7fbf741d58eee6a402c0ab03ce64f79e2f580

SHA256
408ff3f7b91b2054736ffe22cdf815028d6699719792b6a66ded0fcb043c5d7f

SHA512
8f8fdc868ebb5c5ec3de362609ee5f6f20027361800b91d6806a2b2b2ac3037c0dac47bf5eae84751cf0f4bd745ac3a39a36ed9626da79871a961f0ce5b0816d

Download Submit
\??\pipe\LOCAL\crashpad_1848_UTMLOUWBZRKPPZLL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/448-527-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/448-542-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/6040-529-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download
memory/6040-530-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download
memory/6040-541-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download
memory/6040-540-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download
memory/6040-539-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download
memory/6040-538-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download
memory/6040-537-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download
memory/6040-536-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download
memory/6040-535-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download
memory/6040-531-0x000002CEDE820000-0x000002CEDE821000-memory.dmp

Filesize
4KB

Download