lumma | hxxps://veruscheats[.]site/

Resubmissions

20-10-2024 16:40

241020-t6n8vszhmr 3

20-10-2024 16:40

241020-t6jndazhmk 3

20-10-2024 16:35

241020-t3l94azgjq 10

19-10-2024 23:15

241019-28pamsxapp 10

Analysis

max time kernel
271s
max time network
280s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-10-2024 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://veruscheats.site/

Score

10^/10

lumma discovery spyware stealer

Malware Config

Extracted

Family

lumma

https://conceptionnyi.sbs

https://platformcati.sbs

https://nervepianoyo.sbs

https://qualifielgalt.sbs

https://smashygally.sbs

https://fightyglobo.sbs

https://modellydivi.sbs

https://pioneeruyj.sbs

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Verus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Verus.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Verusloader.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Verusloader (1).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
2000	msedge.exe
2000	msedge.exe
3916	msedge.exe
3916	msedge.exe
1288	identity_helper.exe
1288	identity_helper.exe
3400	msedge.exe
3400	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
2972	msedge.exe
2972	msedge.exe
5064	Verus.exe
5064	Verus.exe
5064	Verus.exe
5064	Verus.exe
5064	Verus.exe
5064	Verus.exe
1340	Verus.exe
1340	Verus.exe
1340	Verus.exe
1340	Verus.exe
1340	Verus.exe
1340	Verus.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3892	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 4076	2000	msedge.exe	79
PID 2000 wrote to memory of 4076	2000	msedge.exe	79
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4652	2000	msedge.exe	80
PID 2000 wrote to memory of 4712	2000	msedge.exe	81
PID 2000 wrote to memory of 4712	2000	msedge.exe	81
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82
PID 2000 wrote to memory of 3936	2000	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veruscheats.site/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa6d23cb8,0x7ffaa6d23cc8,0x7ffaa6d23cd8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7496 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1102243630827383573,2042295670052460190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader (1).zip\Vеrus\Verus.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader (1).zip\Vеrus\Verus.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5064

C:\Users\Admin\Downloads\Verusloader (1)\Vеrus\Verus.exe
"C:\Users\Admin\Downloads\Verusloader (1)\Vеrus\Verus.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
31KB

MD5
91c1abde26995ed2f211f73c11f96047

SHA1
0b10cff8bdbcba61d5b6797214627912bca4ae45

SHA256
45447a2b45991ea4e67ff0866444ca07fcf62c28dbfd5fa072ab76d3d0c46390

SHA512
29508e0995faf428b7fdbf6a867e898279910a647f8a5d0ea46dbc0998a9d679ab4bafcbfb26688281993bf5d417d639f65600099bb6e655350f9f819c4837e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
20KB

MD5
cc55ce09781590f7a37f3f5790fb9a76

SHA1
4e632888a0e033e86e22c57c5210a453725d3e20

SHA256
e215047db6d871bf543cc102feaf3002318b4cf2e1d63b4c586ba1260d1dd843

SHA512
a4baacd3b1b5ee50859a2049afa74bad49c425ea435621e38567cb21203f2b64d2a3920844f5d5856e59d107bf3bca30ba25e4020b1db59ce6f7bedbc6a48261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
48KB

MD5
070a4ed814a1eb3ce6f40d5c5f095096

SHA1
6037b9e6e679b31ee5f2b28b5cd5cb8982bc7048

SHA256
8fb466b37ad64bebfcff27fd80f4b50818ad5fe6a12b0a326c91e450a21ccfdd

SHA512
44772a053c1009990c24b654e6da16a99f740c3c57407f54efd3b570d0932565b6faa5af19b094ac58b27a5def4f41c2d191f6dad1e185e168f4a0acdcef1686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
610KB

MD5
6c2375c37c399ecc1e5bbab801e83b91

SHA1
3df6993c14c21e6a3d1892e2d23f9e66f0c4159b

SHA256
79a3c738c95d960e36ea62ef426f10605a7139ffb9332b9a30101d6e200d791e

SHA512
4934be4e5b5e046a89e86dc349b1ea1bcb76a48444afb0a31c3fecea9beb40c2f74b1a81cdde76204e9dea24a916f4e05d9298dac52b4acbe66b368d9c941b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
32KB

MD5
199f79a72fa4db905e34d8fd2acd8b26

SHA1
207fa36cec7bbde8518de3e4df4237236b863b36

SHA256
d199ba0ba3dd14a6fc68c19ba649dd1edc37d6e3fc3ede0eee6d767c712890ad

SHA512
58ba0dd1b6955c1808ae3c5b0803a5cbd4535881946ad15a479ff37ae194e30e72b675d049ec07b25ca370d6902357b9b4d203ef5a541745d425e4ef8d11b708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
0f7b88aaaffb929116280537addbcae5

SHA1
b86eaf941cafb06234d7149a5cd5c6c32218239d

SHA256
1facb24933eb0333e4c94931a58c5dc5f82753f993b678212821d4e7aaa5135b

SHA512
eb242c0b14b71acba79307257e64cbb2664596b19021f77e460f554bd5c13cebe9f2c8e05059e7f8b8dae00e19eb17d4fa8ab5d15d0e12202b9d33f5a7a3ef31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
8235d29f3870aee7f193a60baec35af5

SHA1
db7627d6979e4ec3d46020463609408b47b7670e

SHA256
1614e403529a3c961aef6fd3558269a5779a54668a25f98f7f8061b40c5c55e8

SHA512
11b00c08a20a50fd4bcd89258434cf07a8a9f1d5fb4086d24e591f1bc74f1bb478227cc20be86c791fe11cfcec101446b1d3d82d0ef1fa3d6e44a6e6fc457d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
27c8ee8791661ce632f6e142202fa30c

SHA1
86c91a1e0602dfb30f6e501909857bdf937919ac

SHA256
7305df20df6c68d6af3493ed0d6a7e8f8b9d2027b0d9924b591806062af81c15

SHA512
16bf9d8c273393b89dd9c27a0beb39ad886111494d0e6ea9070584f8a133b7dbf06b4d9bdf1855921f00ac5d8ed178b53de619c843e4fa2b073c43175d3be68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
7e8dae5bfbf6f4cba4ed22f47261f772

SHA1
25ada467fd323b4635cdb00555ae403d2e7292ed

SHA256
9e9197d3bfb1016dfda4c67c08c1f041d8454fa9f3819040e6eee65de0c71b47

SHA512
b6e057c4c95c02378d9b2d919d2470fa210311dda9a9954841741bec8976df95932d70c018f7be63ef8f9209fee0d91ef2f2ed563cf19b38dc7e79a3413cb322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
58e0db21f1eed1e4dcbe2c61665a39ae

SHA1
f0aa0ff244c85817179ceb3ed5f449e7d45303b2

SHA256
5a7d043c8eedcf73ac8bb6768b70c0994ffdf5e9d0ade6f2341895b607298ab1

SHA512
5ab49f49fa00840611c7acbf7fde3b81227b89daa90effe34b5458fa7be1454184d5b9ef18099de5ad5af08fe2900c1affb63ba49af84d0938cf9dac0fe1dd86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
995c4d980c9450ee77280870a764748f

SHA1
c4bab1e9062698d5983e2122f4c3755c4a2a86c8

SHA256
f6fc998e67bbc6400f46e75f6fb4b83959c51b9367db28503a8a5f27e1eecdd7

SHA512
9b7f0b9834373a26a99c986058123c745fe75a0f3a944d740c12576ff5f2f8a2727d5fe8918e07c1b51fd6b3cb060eee408cb33a1dde02145aed1f8570d88ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fe15cfcce8f124facb200adf97761217

SHA1
1d1a679961f2dec480cb3d96360d80201fcd16d5

SHA256
bf834de79effee57384d884de7f965ccd0c4141a80758dfead000db43c790d50

SHA512
783379dc29d603f99daad4c0fbbd58513be6d8912ddf3992bbb358f110e1cc483f5741256b543ee49576a3c2b16a8d109a65352023ee393ec1e82c8bdd12df26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d279db62adde6b388a730582c582358b

SHA1
ea63e6a96360eb22445fa7466cd32403152a6d23

SHA256
86273697613c331baebefc6e5f26f0c353842ce0fd2ed20ea7ea724f3c9d8ca1

SHA512
c82121a357576bf519e30b4cedda26a3cf85ebffdcd6a30fc9573dd38368266704a521c9fbaf3cbd9d1b3a3baa715072ff28ab91922ab8ff16a7bbe0dbc7f3bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4314078f6ac1b7b6b9a86ad2bb3385f2

SHA1
60d542eb5ba6795539df7b3725d28a38d06a5c5a

SHA256
e60448c81d3f82e50bcbb48a7c611a2112df85564575292c1655f63ca7e4f94e

SHA512
3828d3c36ca72596fdfe5ac5bb0ef805de363463d9f5a7678512c1a74c36352782f8465fb53dcd5f237497b9f8ac58841c0b4724899a4dcef44dbcd6ff33f5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7fe0d94ef9cda6977fec122cbfc284cf

SHA1
669b6c3aaf743ae65e60928eeef41609cbc8c91e

SHA256
3f84936ec55b11a3a89e36e33a6a2604638308a8cf805cd18b678df5690dd87e

SHA512
4addb3a8f51657d5e56c458ca30d5ae432a04ff6a7a671b3ee432f506430b6b6cfa11439b0225df3419ac4c99232f574298acf7e2ac927ace5e3916407723090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4ee34befb61c8864fc85fc93644ad63a

SHA1
6b56fc37a8efcc4ba7a73ce35f2194b4b7841dc0

SHA256
5ac7c136d348bb845b636d352861ee058bbf81a66901fce85279f4425696adc5

SHA512
8146c31754e2834dbcf3074e4ed267ddc28739a40c71ea95ff4b3c633bb4a7b5a065473a10a9810c2efd747c86f78eed0686f40e23d7d4bc273103a9542e6df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5d5debe6a705c6b6d293d66180d07ad

SHA1
cf960ffe9e09dc1c8b19cb89b4e889ddd9defe79

SHA256
de54f3a949328ba1de7e7065bc013a243b0293494e24800cdae161168a43270e

SHA512
60845c46ab91a312ff921a035862bf3a7905b9d7ed78dcf21281032dbc96a87b61a0082da5bb68d59460dd9c2decf21e43a17ac51ef07a4d96fb55f28db547a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3db70917ba2d687483e08673567a8914

SHA1
62b8657d6994af16fd0eba14971de54dc0550589

SHA256
1d374a151777f6ea909982786a014bf01a8c1cf4825306ba724c63392a2671e4

SHA512
f7fbe1f184ed1bde42a69aa5366535d16d8bd7862c302cf589ec9218fe3a2c7bebfbcefc4e854b385b265bc6fb2b265f4a9fa8b70fb35845e701f5e6b855bfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9670351f4ebdb4127dd7216dd1ea25c8

SHA1
a6ef951b11c251272797f0e57a7101024509232a

SHA256
ce3b451662112e4a64b06dbec38c1ccd4bc42515862a716df93566e57f08e989

SHA512
4291af65bc9fbc2b1787416cae58d8a894e99592791d9499a66e559b9489ac14de9d259261c8c8c57d53a19708e6fbf9254487cab9ecc47043f4081b844f1b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ea9c54dc-2ce6-47f1-8a0b-2aaedd5eeb8a\index-dir\the-real-index

Filesize
624B

MD5
d7b0577388e005a672a2e1aa59af3467

SHA1
d6f1657787996ea6a22a24df36de53e69e3f660f

SHA256
0aa27a12f0d0408cfb7638564cf1d7c9ed5c829158509ba96f67c6ccd7ba085c

SHA512
3533d70abd23805369e3d9b31b2c82a49c3f0fcc8a1563cad3ccd4bbce255f01d8a8989c8dfa06957edad6d5e555dbe6cc57b1a853b93bba06a40af6a0f49053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ea9c54dc-2ce6-47f1-8a0b-2aaedd5eeb8a\index-dir\the-real-index~RFe5ab567.TMP

Filesize
48B

MD5
6cb500d586ef3a007425798f53a39915

SHA1
d3e1581fef4c4a9ced38deb5b22486523fe263ba

SHA256
042e3b2e340c594a7ad1aa66659ec6150666b41559a699c6135b95f8e538597b

SHA512
2675f8b70ec30fa2d993b1c5e7b7ec505d2a79c3d4e5745c6479b874d9c96974e7db1d0fb6bd9cb78385da8873e9bc733d0fef4c5e8a415ee22fadc55d49598b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ecc32277-7353-478d-83f5-5783eea142fc\index-dir\the-real-index

Filesize
2KB

MD5
7cf0180a5862007557103b8953a821a9

SHA1
c9a0ae3b00b7b359f90a83a1fc6b34f14ffec8d5

SHA256
484be0d100d0eba7b104a9a6cde358256a650ccee1ba114af066cc790b276d15

SHA512
94486bacb03b094088f5e44ff653d124471d8dfa4e5349708aeaa5be5dda50a41e61c53dd7536cd16fc63ef6167f49363fa5a1a44cb46e0ff689d32db38497f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ecc32277-7353-478d-83f5-5783eea142fc\index-dir\the-real-index~RFe5ab279.TMP

Filesize
48B

MD5
ffc0b998413eec6e2376484d25763b56

SHA1
4fa6d6522067b63bcc8a4f1fe2fd33f10fb3a149

SHA256
8de3469b5d0c9e6186425dec9b3f3050b8d8c8bd2f246ef48d90aef2684c60d0

SHA512
c9c607baeece518da34bf5ec7574b2fd08746e73abf27317799ee4cc5121b87f8550cf98b610709ab4c7a4b7f05b2f9721bed8bdd7ce76c910e3b6cc133111e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
027ec05c2fc6cf591c8c52c472d781c7

SHA1
cd525509d3cff1558e62d42b936464a9671366d0

SHA256
02ada22adf3fd58252a282e0b38531ffccf9f62aae2c0b1f9ae8cedb7047f40e

SHA512
0b9bec285f3b9e7b74ec032d8df957ef90b0556b590419c1959257ef084cf97bff1274e92bbe6812eaf412abce01c3c8a9221f6add1ba425ff1761b1a5b958e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
9ba9de477c71777e45771d9c970c7f3f

SHA1
1836a22752fe04ac57de16d3e431824e71fb69e7

SHA256
166e7550f1bc43d8bcd84d22a15fd3514075e2bf077ec88a714077e092702a52

SHA512
034f1661814b3bc51d03ae4dcac177a3ec4d30d3ab8499716ee2b1ae3df4fb14c40702f88d16395eee22bfde99eadafc9c44363c5fdf5b516455b9e586990fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
fcf2ce50f067b5030272592e0f7dbf73

SHA1
b8f4fab75e0d974a7d23fb6a57d78189bd0b5247

SHA256
2dd3db3d7f02dec307d4d1dbe740174d9901b972776308ae6cae5bd1260dba1f

SHA512
05b9933ac82162b614f62f60df99995aa87584775fb063f5001e932f3f833405ec4798b00ef7c0d62b32deccb3bdc310e42988988854a215859a79b891979157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
8e91dd6588d2c6c51877f500b16b986c

SHA1
2dcc694bc9cf655a87f17df70eebc9400d53a558

SHA256
47ea637bf90b9a2d4ef6eb8095a78baf5d063cc0a3517e1e45b41675ad5d082c

SHA512
c6a9288079b6de9b390d6d2998c4beffc1e68ec8b49cd8f692b560af83bc4f4bf5349f293671d5ec1fed658d26e877f617b24e32328063a1c4f267b3a0ff9bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
d1ac2bf7476d06d6a25aca85b08cabe3

SHA1
0f694210c256820cf9d8de3d659b6e5da2177ad0

SHA256
78329d4397cdd7df3d6b45302b86504c54adfae3cdd902ca18e239fba1bf39fc

SHA512
516858b1609ae3163082767e52a6359a2456db89eef094f2410e1b346ad5912a8a46ac19af25e55232106bc2f5e4861f9f6ed2a2993970e0ecf5cee31df56908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
34bf4287c30cb7f905d9883ee2d69961

SHA1
48f3ec8fd654da73e6765d139a42ed582a23473a

SHA256
0d8d405b7114e268f714a0a5f54245ff53a83f92d92045d71cc0f49be52af6cb

SHA512
acb52b2ff651d4ec5a7568be5ec803495025860dd13e615956844b975a0e0004a5338bff55140336fc5fdea6aa398afef3b3ea2ebe87cb6b0c067fdf38e986c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5aacdb.TMP

Filesize
48B

MD5
073dc6b1d0c83ab0ff93a6769dcd9d96

SHA1
0305b8a82189381a4e6b2a68691626628fd4a5bf

SHA256
a57dfb87f24b845e3efeb344ae952250fc477041901fdd33b6204a3fbcea502f

SHA512
fd6ddb8041ccc9024978fbac1e185b97ce4337bbb499afa04e10f78252864b2d9383c33d9027616aaefa529ee63ba13415335772540a26af5d89bc0cdef21c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a1abf2f8706f78298dd406da568919c8

SHA1
716449d90d1c8202a14d455f652ff794ca32064e

SHA256
9c9ee312a7e82cef83ac626c4fe48e6dbd19d3013c0a94737943b9d75c310839

SHA512
7f552f4110576ea8a1496a7c75a33c2887aaaa2bf45336b2f503285bdd46213c6f2fcc2f007eb7ae18ff789335e6df1d8f68802464876024d5d0e2ba1ddf36a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
ad0a10ba9ffc427b38126b648b04cbd0

SHA1
0cb48806918de0771cfd5e4f65b1ee7450ba7e55

SHA256
b0906baff904f8d4516f602103cab5fcbc6c465e3d7f6eb9d936207350b1b9d2

SHA512
07d746098e049cc04c369d9983160bbf3920341763005881f04aa21415f2b24c15e5e6efc5f8e05db51cf39b25eae6f03736fa4db926c73038c7b92b5e1939cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a4f2b.TMP

Filesize
372B

MD5
c5130368b8f57360664e28b822d7d375

SHA1
a8783f3791f3f0ac6b5e0f2f6604c810870c45ae

SHA256
7e22e484f067633895bba2ee9df72ea39ee5960de3299d3b4a0e06bdd421f66d

SHA512
6797b597315e8ec47c685ebb66cf6a16bc42d1437abd9df034ef87bf5e1fce5fb93c22e40b1df889c292c9671b8fe69b790ac86435a86c033fd1179015bd5fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
432720edd6b4fadfd6d547c8596d1243

SHA1
ccae4935ff218628824375f254b5eb46fbd52cf2

SHA256
7944c6826ad60d5601cb6646046c0d9347d89456721d3e4b01ccbbfd9f7a13c3

SHA512
8ab646fb6bb02ade612c1fe3add06e01184658f99e7c013fc32b749176c450c9aa2e38985f69b65e456d8d6da6d74b69055ba220797a87c0179bdc8e931fc73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d86e7a0eb81cfd65102206b9c7594801

SHA1
0167d8c693f271fa079474f4c1e63f74407eb3a9

SHA256
b433a3a2527d39eb79241a0baf19b47f6b4ea745e23a139f19a540d0607ae2f7

SHA512
60d99f8e067e5097d705ae01ea7a100199f9183e67e8ce96f8baabe2d3bbbc454706006f3b4568ec0bb3c9f5e82471bc5e1fe72384cd776944989403d29abe6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1cf0f144896457783a89fb5e1930785

SHA1
24dcef3c96431f48ca0f65366d05e812e7a9f844

SHA256
ff693b115da69a524524ac17435e265b2d3c026d31bd03570897183874679f80

SHA512
1ff478cb304113971242bdb60b59e9ec80e9c072593ac4218958949a8eb79b760d5890c724e5e7296d1c681eedad844e4bf67a5e4df716198d58dbd836334a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c66ef01c3ec7b18e291ea798a837490d

SHA1
4cbd9e989498063e752599e773666a566fd54eac

SHA256
4891058b91e3f4890f3ad66a79f73d107f8527aaac5b52116c61e59bf1d99d7a

SHA512
36596f29fca70fea5501d356da89fdc334213d50282e848c81abab8e0fee824b3657991fc917a7a25e4f493a93bfa418a47c128674593c6086eb919e0a42a101

Download Submit
C:\Users\Admin\Downloads\95c7d637-93b1-42ce-ac62-f7b8b6717e07.tmp

Filesize
56.9MB

MD5
c9a85c3ec19cfb1a293608bac95c1ec9

SHA1
f73d2016fecd349b0a490b0a52616054f170cd6a

SHA256
cd8461471d5d53607a25a0a5fdabb263d74abfd6fc6adeb1a0dd385a08b70469

SHA512
41b5a57a1207d814ca55e7609fa71149bced791d1075d597687b468cb737517427d222a339153695ebc104a62018585f3362f40fba658bc892e11ec83c80b7fc

Download Submit
C:\Users\Admin\Downloads\Verusloader.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1340-836-0x0000000000400000-0x0000000000795000-memory.dmp

Filesize
3.6MB

Download
memory/5064-810-0x0000000002710000-0x0000000002769000-memory.dmp

Filesize
356KB

Download
memory/5064-815-0x0000000000400000-0x0000000000795000-memory.dmp

Filesize
3.6MB

Download