lumma | hxxps://github[.]com/cranki-s/ragemp-serverdumps/tree/main/GrandRP%20DE

Resubmissions

25-11-2024 01:38

241125-b2lcasxjfm 10

25-11-2024 01:34

241125-bzd57swrek 6

Analysis

max time kernel
360s
max time network
368s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/cranki-s/ragemp-serverdumps/tree/main/GrandRP%20DE

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: crate@3
phishing
A potential corporate email address has been identified in the URL: font-awesome-pro@8af0edd
phishing

Loads dropped DLL 2 IoCs

pid	Process
1860	SkriptGG.exe
4872	SkriptGG.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1860 set thread context of 1704	1860	SkriptGG.exe	143
PID 4872 set thread context of 5044	4872	SkriptGG.exe	147

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2588	msedge.exe
2588	msedge.exe
1392	msedge.exe
1392	msedge.exe
4504	identity_helper.exe
4504	identity_helper.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeBackupPrivilege	1536	svchost.exe
Token: SeRestorePrivilege	1536	svchost.exe
Token: SeSecurityPrivilege	1536	svchost.exe
Token: SeTakeOwnershipPrivilege	1536	svchost.exe
Token: 35	1536	svchost.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 2788	1392	msedge.exe	83
PID 1392 wrote to memory of 2788	1392	msedge.exe	83
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 1028	1392	msedge.exe	84
PID 1392 wrote to memory of 2588	1392	msedge.exe	85
PID 1392 wrote to memory of 2588	1392	msedge.exe	85
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86
PID 1392 wrote to memory of 1796	1392	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/cranki-s/ragemp-serverdumps/tree/main/GrandRP%20DE
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff705046f8,0x7fff70504708,0x7fff70504718
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2228,6142838413224336960,16463428404000408369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a0 0x310
1⤵
PID:4424

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1536

C:\Users\Admin\Desktop\SKRIPT-GG-main\SkriptGG.exe
"C:\Users\Admin\Desktop\SKRIPT-GG-main\SkriptGG.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1860
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1704

C:\Users\Admin\Desktop\SKRIPT-GG-main\SkriptGG.exe
"C:\Users\Admin\Desktop\SKRIPT-GG-main\SkriptGG.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4872
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SkriptGG.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
25KB

MD5
e29b448723134a2db688bf1a3bf70b37

SHA1
3c8eba27ac947808101fa09bfe83723f2ab8d6b0

SHA256
349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69

SHA512
4ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
50KB

MD5
4feba2b71fe6a98e8a641ef227c1b0ef

SHA1
c2bf573214eb2da612ed34960795ab6fe062b7c2

SHA256
964e0c41f54cc552aab4637651e20dd8eeca655dd6ef939e108231926abae5ac

SHA512
093c8a661dd8b696f5ef170b21f41db37af60a3c8a35d1f00d0919ab1c2f1475a58ccaf4e08c7177ed567f8e850b7059c998862fbd8b4223e3951564604b6d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
44KB

MD5
41621bcb387621fc710e805369db0307

SHA1
c25e376f08c9757843f920473d233ff043e3ce6c

SHA256
d09a77e2c8bbf87e6d8d0fe1773babacbcb04fb6dd34b27781e2f553cbacaf80

SHA512
2ded860d10cca363ce34b83d880b4ff6654303a4f8f9dcbf97c37efb784cba83ac87f4b8ead43e1a4f4fdd7d628be623d3d2b1042023727f6f3f2ee3b9de729d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
115KB

MD5
22420f2129a105c805225280d3cdd529

SHA1
f321731abc9996464f57dc0073cf49b61ef0fbde

SHA256
9bc70c52ad10c0e4d4bbb7bcc01272f8e4b72c7a49e0e402c2abf99bea8cbb0f

SHA512
63b24ca699e7bb1450807c6fdfcae4bdeca34bf2acc21b608b5d2ce26cd1adb234addb78608aebd8d60cc7079f926da42b8c598aeead8ba201c24363732c9ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
65KB

MD5
3370983f42f443b559bb33bae95d331a

SHA1
a52a8fc3be2fd75c3ff35fe31314a4f755e5de60

SHA256
787dee8c2394fc6e16a284c0a6c315bb2c396c00227859a084ee6444204c18dd

SHA512
d6727b169634be681d55d907772e6ea37fccc76e244c90fe9313061d1e1ef25a039c0a602b47047e2b29adb7439b742f11b53147dd1e3c57b9fd596e3835aa87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
79KB

MD5
07e4a1ad2a5088d1aab5222f42154fe8

SHA1
ef2b00bed7f6b42664cbe2c2e53a6d519a5cc077

SHA256
195ce1bce75afc175b09c703fb9d2738af67a590e2eec501e859251aadee0c9e

SHA512
2eaf152c6d56eeff8892150f2329e22f280e5804b1eb74b3f152cbc307298efeb635d40cbcd504c94374a05112ee009ffeec182ae8237cfcd44c575faa77f411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
95KB

MD5
d0b28e0b1bc780da2ba584494092c78b

SHA1
7b6bf3eb57107d08f9c492e6d710aea21633d103

SHA256
cb6346b82c4d20f6473b0119a3068497ebbf6e9d25e1c457435132ca1fd3f4c8

SHA512
c6b31f9cfa808cea6dab7b930d6d0313c8ab44ad3f22c3707864ed403ae87ed27935b88fe27f147bf646a65ebd745299e2434cd1d71f090583862811b121c2e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
21KB

MD5
7557530190bc710b887d1a26a36a624a

SHA1
d7146d64638535026facc1781a54dfd664d1ff90

SHA256
76b7873326bae9f4882612a160604d427b11abdc4247c6a7c73c5c5d9f0f6ed1

SHA512
4c04514f41a0db4cab2fc676e19bc86d5b3febd52cee63ab111148ae59645308b1d67948462a8b20d0eec253093e712b35053d4d0ecf1a0a2ff524d66ff675a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ec11234695a1200f1db674f44f3bc9a3

SHA1
3bbca347a9930bc7112bc6b42fb4a06d40d7de88

SHA256
d59a98ddce64e8611b8a841c79b1727e8408997ba143dfb122ce2e6bf95b09cf

SHA512
b67f72d6376c0d016b370af87f390c9f1547e6e21c98c1b9f586e62f15c8877a98d017a2225636caf73486fcfa338e5e91b00cda93defc3bbbc241ebe1b15261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b48fba605ebe3dd6995a214c70decc83

SHA1
27be55afa8e295ec4270c1e78229d4f211e7570e

SHA256
ecad3d4a17686619a5753a610e488aca182ff68be6e3a5e6e9c735282cb4c352

SHA512
ed9243cf684d1a1580a368e228a65385fdb71c752c7160c4ac8855506faa390c162e60c90d933c57225b5ccdedc3ee7a4e7d93c9627940e6561d9adbb4766b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cc8c2170ecbf70b9a757eeaebc54176b

SHA1
b05d6b62932cd72f6d8fff49b5500f58dbf8a4de

SHA256
e93bb3c06ffd21bf1a1f75c7491091467fb281ae05342221d3eecec7632ea189

SHA512
01e007e657b355e4b1fe59a744a351a677bffd6db2df01534eb7228e67c62d393622ce1ec38a407eafe6287ccedd94693b22bc19adfc892ed4cfa3ad8621e2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
fe0df01ecf5f213144bc2f3b5f868916

SHA1
e7be1ce1a056cb5790f698ab63e8511ccc5fc9a0

SHA256
4fe0f5095e398740377095fb5c2ac22334af6c8f74e62b6428c3a6cb47a1d496

SHA512
2b852ddc0be893d2c18c27f90acf2b149ee721e18de8b351651c9f1b8c9200392db679d723b937d6ea0f8391dfedeab872029533c3b5609e021ad9444503972b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8195fecd64b285af681812ddd7e2ac66

SHA1
8e5b32ffe9c5837a99686f4ac36c669adbb48813

SHA256
23352ad41158a21eff7f1580c164ec8ed4d15f09ad6a33db0013fe12cbaef70b

SHA512
cd3fbda70902acd739f3df8103a4e5d0b4a7d58feef0317a71f795b030c2898bb68dabb8c37bdeec3d19ea911788596aae06efdd2cc5c543c290c3dceb1d9d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1578a57912283585960e83805d548b81

SHA1
11cbfbdbff12e101f2aa380fc77a2ebe0f51632a

SHA256
387abf721d809d6f0d2290f06067c7d4b5d9b3fd0f54f3072c421326aef15d58

SHA512
2b01acac6d408a2845fa396c11fb59050a13f327521dc66f94edc75b97ef327912bafe1d95dbae209af880ce07ac1f17ae4763fa395f5fcad388d26d0adfce45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f2d29155221aba2c58287197df07cc6c

SHA1
17841d995c8949b1a7dcc89d267e74e341b9d539

SHA256
f1c81b5f800ba3d9e27be2ec8f7bbc698c0817df9063c94465b9041397873387

SHA512
53616f519f8f472a0f501e4d485adf3c08a1a3f34c9f2c14f32654c9c851bfd786dc6bf9c58c5e0fc9022b96f53990a7133d14c44ad5def08bb98d18ce07e983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e81aa321f4e5ac62a0ff2a551402b895

SHA1
3e93c83287d0078f9b6822a85a30179ffc1fa14f

SHA256
3cf74c2406c7bf46511646578a43b59aca91232fc95dac9cc556989f8b9bab35

SHA512
42c6b42c7288490841fa8f35c45ddff9d3f8339af462bcf71d721b76d34fefc51bf0eaecdae33dbe997e4bc1806f0a4975570adfafabf96dc9d55fa54ec554e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1171bfa7bdaa255dd9b018787378c7b5

SHA1
646046f0e3e6a6dbdf7bc74f660c63caf35014cb

SHA256
63a00b526d45bc7a459d7d95ba1200ef07612aabf2e095f60bc62134c75fb597

SHA512
5ca9e063be3ef41db2c300f30e7112936e25f1753c29afe9783381ce4d53d1262423731578b667ec4a1fcff56d5cdde203b57b4c77ef92aba315e92ae6e2d443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fe85738bb1ad92e85e7ba52fb3554167

SHA1
32c6e2d132a65e8eef6ca9a91f99e3c8ab8a345e

SHA256
c4f9897a91d98a50569d9b581fcdd660792d65b5b5fbcb5767a336a036372e4c

SHA512
019f0f17a68fe024a7f81772fd5a57a50824efd2f7aa346b9f180b0e4ac41513d095789795024026dfc9b6027460b3edf02dfb62ff0ffe4ce1baa2550a64debb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8003112d92f221925ff3cc8a45c0680b

SHA1
f817bbb5d70528ad2110d80b58a47bae43b3d74b

SHA256
bde3300d81c6d73c47b7b18891f467e4d31d0a100cae69b7afba19cceb456ca7

SHA512
bafa4da43ec6aeb4cc5292e040db60a23474613b20d85d47fdc92cda61598265ed6bd6e701c23f5fadf1519aa4e0cac456587f2fbfb4681f68a1493b86d97f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
25e11a0ed51a8a0cec4af03ae17723c1

SHA1
a4b1b5aeceb230df3fa97605824039e14dbd8b5a

SHA256
9e35473c67b2a7cb45245cb8804a6e7310f85c6a7169f15d3172c68a1c0e79e4

SHA512
67ccbff3d27e461011ef9ce9bc6d6bfb6f8ba3a73a0cf133d51d1afc25c8d3568164ce0710b4a9f8d4fbf948693cf9132fca165c37433ce42a5023903b50cedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eb6d9db55dd137ee0222c98eec872c81

SHA1
54f0172d463a6a3aadf41dccfe16fb9a1a11ce2b

SHA256
91f2796d64040d74c44dece2ab729c6304a528adcf916d7ab66b87e91b0caaf2

SHA512
51781e90627687354d79f80df1e57ad7bfca0b6541fad865fe59118975726ea156cd301dd7f5896cfd4a18de2ce9779d8fd8f520684493568aef6aaa39bb3d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b9c1ac84659122e0ac2ae991a01a6065

SHA1
27b5ff03b614ba2193bbeff33cd9c1482498c20b

SHA256
134b66981bb023c29cee5e110ad48b2dca38bc58fe3b31cf7524fe55e009fe08

SHA512
e80d84aead645dca0f5c657e6f9ab54309141cbb21eb04f069b526e8bffe887b3bb18ed5eca8a4e5d3fc3cb3eb66f4326846183423200120daf436397762632a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
24c9d21a7d05ea9907a0c2c4a75ee19d

SHA1
6326c8bfdebdddffea3ae118464296442d3941de

SHA256
9a3d08b6fff572ec71a07800f4b362edcab4781dcb050cfdb6f0c04dc8491b20

SHA512
b678afb886d3d94bb0305767dbfaa27c43e44080fd89b34daf8f751b6993029599975b9a7200a7a7fd36088f053e3987d27e23a19866fb15af3e959afc508446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ad0a3350d537363f011b1e85faa16165

SHA1
47fadf90a64c338c138e561bb59308da135a972f

SHA256
958c24497fb02f81eb0a9d3e4f2e0ee2ba033b8cefe3a24b5d3e37e53a13ee41

SHA512
b1d9d93d9ea1e0c5d83fddbda11378b0ec078f6f347af082177b513b04a92504a3bfaa487113e145626b7c0d563f82224e93b5899a299201311b3e3d56417ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ed7c45a46fe233ff1b79382de27dafaaad0caa0f\b0952106-a49d-4339-85f5-53d17707c6ef\index-dir\the-real-index

Filesize
72B

MD5
dd0eeada6d42d3ceb09b62ff1f7cdad4

SHA1
7b39460e25c8658b34b9a0c62ef6cddb3262d925

SHA256
adceb43731c1a9403c7c36abb5e251440cfb31716823d1a0daa97eaef7b90538

SHA512
a846945e4838c939809ab2b4fbc6f3642de983737b9ce856463d76104203b20fb85f6ce69655c719475065d1e129e46287d440bebd8e005bd822dfd4d389a934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ed7c45a46fe233ff1b79382de27dafaaad0caa0f\b0952106-a49d-4339-85f5-53d17707c6ef\index-dir\the-real-index~RFe5bd82c.TMP

Filesize
48B

MD5
6402ece61f020a23400d975657fed516

SHA1
b44d7de51806c29ed25ddc9a9766a81db6f91a6d

SHA256
0173e0ba733049ee159a94aefb20a02f5083b82236c3117503aa6cd0aa9c4af4

SHA512
782970798530b86f307ac1f2a06f38c8dc20e4984017ef78ce8cd11f4d767f8d3559d4df301b3e533e853ea06004e368b488c79ac3d4ef41dccab59e7ada8f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ed7c45a46fe233ff1b79382de27dafaaad0caa0f\index.txt

Filesize
80B

MD5
4ca1795f568991f501c09ef1cdfe99c4

SHA1
7d2d36ce8b6ba044246af9a2c96776751d989145

SHA256
599cd0d20df17cd5f56f83247a0dfa515616c419a77a0628bbfc2a945188333a

SHA512
587ed4a923053122a630c62066a0eae27ec558ac6dce62ca295d44296db826844a54b53efef661b5e3d8f56ecda98cb350583145ac30d72d29e46e630a8390c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ed7c45a46fe233ff1b79382de27dafaaad0caa0f\index.txt~RFe5bd85b.TMP

Filesize
86B

MD5
1f5dfb63a680bc2b7cbeb48c054de900

SHA1
a3410ef0f84583b4b94c4be68b45707039eb8fb8

SHA256
86c4bae54a3f2bc7459fb28d9d6506ba15ca00adca6d33c1e23556013d39a1ad

SHA512
135ce1f3012d9a61e848c5d951513910c20c5d38c9ada225624d818260c2dc65ea8524133919bdebe313b56f20cdf396b92b83914f6422b60c7421d7aafc2f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
17b774db15893ef39f8a62658e3f58bf

SHA1
b3e9626ba253929f8027d0e635adf1db24a4e1b4

SHA256
7ffe2fe9d0a2bbbb9441f4d0b2f4b7ce81c25b52ac19cd3c819857060bb121d2

SHA512
286122d33a31423ccaf4ed7858295e19195fd9dac886efb9fc92ffdbc032bac4ca02837b9aeeabc49b030246153ebd6ec91c239aa6adea80a117288f208ecb32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5bd5cb.TMP

Filesize
48B

MD5
c1815f46ad63073c6045541cffc8ce45

SHA1
2019432722365f7c0b49dceac2eaf7d22f76765e

SHA256
08d57c90c982570378f31229362da326ec7c62cd0657ac862e0442cf82596682

SHA512
103dec5155910a648fc4e8f90d324ff02a0e8239d547380de3aabc117c700299cfb98a6516f81567f6903db6c6c30b75f3943df02fe6b19b90467dc184d27c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
becc4089056141fa92b5c74e9780494c

SHA1
2f34a0dc0f2cc60e12002452f294f6c66da46721

SHA256
b842ce705dc418b0a046819b9ee880856b456f63c547e98f4a14fd87a6b4813a

SHA512
366aea2cedb2edfef73611ec3bb38026c4f2038722c7456723f9f02adc5d892322ad52779df802f1c80221c3ba4d62de6b4de392d583ab91d1151863181bcd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
4bf22cb61c6b81078fccd636a190d4e6

SHA1
6624ab3c5799c67be28f07e06cbe8c69d9572280

SHA256
50eb547c05480dc7e1065dab9ec366a3fff507052bc861e8d76e5d6bf9814e5c

SHA512
42be9b7d64b3919dba8869b25941b77bdfe6ed316d24594d87694972cd979494999a851e73b7ff5075a1a251d5a943f04d69eef47ff7b4ee1f5ce62ed6dae650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
1983f6ed42aaead158c0874bba2b9ddd

SHA1
731959c8160718e61de5ad1c426087a5f2b30c83

SHA256
df9711b56f25ca4ede79ac5747393ef26dcbb610a6ea5e60ff82f06e3c4e2f8e

SHA512
5c50412cb59070a83f301a1512d88986d1d65475adb6e99a2855519e50933e18bf1abcad9a13c2a89bc0ac6ff2c161952f3a1f365d8a54b3cc3698ebd83f1ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
06b7194273b783ba973deb378e535be6

SHA1
70ca0834d1db0f00f3a42cdd4253c2fbac02bbfd

SHA256
e213d4cac10ecd4a5de11b999753f33ae090e6adc88c3561a1d84f32b1623e51

SHA512
45513613f0bff1cf8384b25ca11c15012f272d2fd36e4023c5ee4e07a9ad266e6ee4b77c2377b42969d418d37904bb402dc4e31ff6eaebf413313578d31708ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
eadbfa7287ed5bf886b91d25867ef175

SHA1
cefb7643eebe42c7767629ab87dcb4dc010d1a19

SHA256
c80b99e3f3584f8a4d26572863fd470cc7b498297f4c6ce778953afebb4d10c4

SHA512
663d28df96b613e6288d045d70347be0801bf69335d23b23b350ce502f6da607caff1153725130500cc593586cedfbc4df8009565c01bc0f3f155283dce49ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
cd50112609589032c33d28b8997441f7

SHA1
5ddcf3cc6fb876e35ef3f67403d84ab573bbba3c

SHA256
727095e5d18cad1e84cfdf49c23fcf63a45c8f425c731a5530de5034c5fa7cb1

SHA512
270872c5288e77a3a9454d17a9c4a6abd8aadde434090049eda4ced3565081cc9f1c36bbf49123c4ba0b773fb8b7bd977d29529c4b5cf25e92ad3764d9e38461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
fbe560c0da3a43d38e65784f76c1fc21

SHA1
8d9a7f804e91f38a6e9790dcf0d3862343adcd89

SHA256
16ffddfa32e19b2f3efc09f8675cfb1c7133274a5bb731fbea30e59ec2ab6382

SHA512
6c387312a3515d2b84c30e01dcf1b2a11ed15908ffd789ff5b836371834ae1db0b1925657d7276843172baef15abba2b261f17b78c2c2414160fc1579f901199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
2c859178b1de81a54e86fba82b2e825b

SHA1
ee7b2999e052b2eac5dd99bd069badd8c57a2260

SHA256
e587a9c40cc6adc7338860ea06ba7e7d76aa1200a6d24d4f13ba5f20e741f261

SHA512
686dbe75992aeaff506cb10286a555ccb7c32fc84532ed05a00b971c4410591c5177703dfe8a750bd9c11e965dd4fb5c5fe2f9610a55d4d827aeef1dc2f9af9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0f37a2320ff314fdaa4924f6f7a48eb2

SHA1
970f1576a6f81942e37a47c74cd22fbf564e03f3

SHA256
13d65502bf78f54e36ec7316bf49388ee96b0d50706658e00bb37e8da84f803a

SHA512
7d515e54980c01f139269b575adf8a349ed24438af7fa1dc5aa0ea0100ade5df928abefb9890c89c6265ee3755c04074d5bff344b6556c3b932c66a73a5dd285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1beda55f0dc1c7b4441167008517f3d7

SHA1
37b81cc5eb98fd69f30798535edbf623c5cfaa1d

SHA256
cabe99c35bbfd3b89823c7ebc2477ffba4a8d8199ba340de720bca00bae54cf8

SHA512
4aba8289c9caa6767b328b8e03a6ce6de86e32696a59faabaa652818c0d05a5da62fa98a6bcbed563f6d82504557508b0dc251de0ad16f7fe6592a400ec7082c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
f92b112e58d9d548f22f14401eea038d

SHA1
68f47468f02e3999776c4415114e1c0818eea18b

SHA256
8bde88ff26389c93493841f68539f0e3f941bf4c05f7e3f7f454f363b6e858b4

SHA512
fd549f3aeeb88960dd2e476f545053bb2e3c84052873fe1e0768de764b47d2fc45b133662130f9c380cbaa2bb3a6d02de75e14dd3f804d62e9d1d97ab0c33da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
9bebbea8ab1bfad34b53689c39c00b5b

SHA1
3322fe1aee3f61028c888b520cfe3dbd1766bb15

SHA256
3582c7ad4bc5fdb2d32f208047e468429c02a43b5ca6ca308b057371699c0719

SHA512
9ae23eb4b437ed184c665019ab67ff0f950a00a546e4fefe950c2a9bed1e21083dabc41e9aa8f80fe97d5b05d4d10fc1ec1d4fcab788335bcbf39f4f9f81d9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
95f231b47a67901f3245ea2acfe7518d

SHA1
25da7c2e8e8b52e39ae1dd8bdec6e663ea7e9654

SHA256
9d8b8f89679cfd991118c7a9756dd23c8102cb0e7a2534931d3d4709126e8603

SHA512
1ab68286299353af2a5e5acfd60caa6be14da908d0078c49bd5ca8924a3535a21dc4ac05515b3a6b91d389b50685f4cbe1574cdad24eb93094d89e81d2674746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f70cb61040f71e3e05c60995b13b088c

SHA1
bf44f89763bcecb904355cd6d74e0a50c185ddd3

SHA256
3aa02fda8ea5a603b8f6517b2c9e4e096cd325fe458468b24ead06516f4c4cac

SHA512
d6c82257113e88bf1a28c64391a89b88b4d243d9ebe6ab5d69afc5fc3de3edc92e291138b3b821b34e47488a935fb290d4a58ee7be34a405c10d719cd257ef8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0116560b09642ee3e5c3d705e08c8a04

SHA1
8d15220e415e9937bf5d57d844772c0a9aa4f5c3

SHA256
fcc77dc5892e3c08d740c6645e4bffb8fcb909d65e7917d151a483a478350a64

SHA512
ad2f7b12512d08b917df2f9c4a70e7c58f1bf3e21e67e22de0939e2c11b14b3c3a84edf46514e01390443cfe583026fb9e79f63739de7e88176b9e17aa405f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
21f86b4749bb9cb05a80bb62c03201ab

SHA1
cfbda126bca9a4d20ed02b47e4d9110518a73af5

SHA256
b44d33998fa153668835770d6933bb58c84e9fd71e33dad54bc905e78b6e0d09

SHA512
95983d7574be449d6c8aaf0fd576fd71ee712be5e1fd43c195c34de1ab32f6469e827e47cb4e8cc4c38b4ca4fe52977341d20198b066c2e1013c375728438110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1a4fffea1ebd3d173153bedff447dff7

SHA1
ce32c1f9adc48ac2a4ba30dceed4f3c1036b8bd1

SHA256
6d64cdc7a1f7f6f7e26fc43ca9855c3f5eaf69aa5dde20e1035f3f710e97c738

SHA512
047b7730f8adbec2f3ef882fc8bceeb50eb234d47b4d459da65e6ada627e499f1503c1451a502272646013da2c8fb80f1f01b0715a5a70c4b317e436986e6e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
d54433d128c13ceff3e59b0fe0c48aaa

SHA1
0b8257fbff9cc1230db404aba5975cc29f56d4ee

SHA256
f391cac9497c19ea8b87770fa071f83223a66575201dc8807833dce4074e717a

SHA512
bdcefd3b0f2f8b7ed0468c71a8099edf0f87e10e54a292dea6bb534638c0bb010f6259aac664278f93acddd8b01c469be6cb37c07c058d3b3803fae831476477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58124b.TMP

Filesize
874B

MD5
4592c6af39d24cb8ed0ad256001840d2

SHA1
0b77046e135fc290a3d5658776398890d40583d4

SHA256
b5e2b463ff5cdfbf8513b8b273b3a68a82ee784acbbb3cd7f9a63ad366d54a11

SHA512
052f290b8ac294d492a3dc92b94a91c79561845298b86ffffdc46db8edb0cce0b3aee3edb5eb24a66ac3f3b8feabf27a2c1313e89f6be72eb04ae328179f899c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2cad82a759e599da796e8cfcf0dff154

SHA1
825fc2b5f2b47575b75a4de508de476e80e4c9a7

SHA256
3c7f3b83c7108a8ec74452bd7939ce2409fd9b73dc1479c10aae2bb60f2ab4f0

SHA512
e1dc0c42c67b1a6fbaaf8aa2ec1d00fdd05f678f54d0e1963dbd83d4358678fddb65179a46d2510b5cb948fb44a3a67aecc3bf7da67f3f0daac8605ad890f7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
021b1a05e2790381d47cb213ec95c7cf

SHA1
7b8eacef1f1921f38ab355f90df304172394b130

SHA256
05546c9717b41e770d983db84e7713d2f9115942bb8181fa115ed405bd8eee21

SHA512
bc8ef5b593d7f37604665ca3af7ef3223972113db0de3ac91e84e52706dca9529f5bca75444d87c026c4d3abd30adcbc7a961b41ec0b2830d7600278e2db7fe4

Download Submit
C:\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
642KB

MD5
9bc424be13dca227268ab018dca9ef0c

SHA1
f6f42e926f511d57ef298613634f3a186ec25ddc

SHA256
59d3999d0989c9c91dae93c26499f5a14b837a0fe56e6fc29f57456f54a1f8a2

SHA512
70a1abb35bd95efc40af6653d5db2e155fab9a8575b7ae5b69ab3fbcd60925c66a675dac6cba57564a430e9b92f1a2ea9e912c4d7f356b82696ed77e92b52715

Download Submit
C:\Users\Admin\Downloads\SKRIPT-GG-main.zip

Filesize
452KB

MD5
f2454b1f7b3432788f53372752e7aa05

SHA1
0ed59dc5224965d7f794786fc0d9258cfe6608da

SHA256
cfc6ef878d7d9dc433f0bea49645948d3ec8236ee06f89149587c9aea3e2235c

SHA512
691b271610b7bbc4433b37428a158ee7bf39de634970bcdc0338dc1610a80552c7022c60ccfeb4500315cc9c1909665a70f048441c50eec9ffa635c3c272ade1

Download Submit
memory/1704-1511-0x0000000000700000-0x0000000000765000-memory.dmp

Filesize
404KB

Download
memory/1704-1515-0x0000000000700000-0x0000000000765000-memory.dmp

Filesize
404KB

Download
memory/1704-1510-0x0000000000700000-0x0000000000765000-memory.dmp

Filesize
404KB

Download
memory/1860-1503-0x00000000002A0000-0x0000000000330000-memory.dmp

Filesize
576KB

Download
memory/5044-1524-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download