lumma | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbTZGR2Zncld0TmV1a0EteFdHZjBCU0dDZkM0UXxBQ3Jtc0tsUTljLWI3SmZyRmhuT01aaWQ1N0hfbk1fbTIydlA2VHJuYS1XNE1ZSkd6cUZwTm1fZ1dDTEM1U2lFRnhyOUJjbU5rUExJMUVXSWZ6U2lZVlpjNlR0TXpCd29Sc2NXRnNENTR1OE0zcVA2cTZiUXZxNA&q=https%3A%2F%2Fapp[.]mediafire[.]com%2Fv3txu5tkw7ln5&v=swg6voEZuZI

Analysis

max time kernel
253s
max time network
257s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
09-01-2025 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTZGR2Zncld0TmV1a0EteFdHZjBCU0dDZkM0UXxBQ3Jtc0tsUTljLWI3SmZyRmhuT01aaWQ1N0hfbk1fbTIydlA2VHJuYS1XNE1ZSkd6cUZwTm1fZ1dDTEM1U2lFRnhyOUJjbU5rUExJMUVXSWZ6U2lZVlpjNlR0TXpCd29Sc2NXRnNENTR1OE0zcVA2cTZiUXZxNA&q=https%3A%2F%2Fapp.mediafire.com%2Fv3txu5tkw7ln5&v=swg6voEZuZI

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 1 IoCs

pid	Process
1316	Heard.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
2024	tasklist.exe
3444	tasklist.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\UrgentIreland	inn_ac.exe
File opened for modification	C:\Windows\AcreAirline	inn_ac.exe
File opened for modification	C:\Windows\TtDeck	inn_ac.exe
File opened for modification	C:\Windows\SupervisorSize	inn_ac.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Heard.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	inn_ac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\acccid_nw25.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
2936	msedge.exe
2936	msedge.exe
1448	identity_helper.exe
1448	identity_helper.exe
3440	msedge.exe
3440	msedge.exe
4636	msedge.exe
4636	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
1316	Heard.com
1316	Heard.com
1316	Heard.com
1316	Heard.com
1316	Heard.com
1316	Heard.com

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2024	tasklist.exe
Token: SeDebugPrivilege	3444	tasklist.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
1316	Heard.com
1316	Heard.com
1316	Heard.com

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
1316	Heard.com
1316	Heard.com
1316	Heard.com

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 5104	2936	msedge.exe	77
PID 2936 wrote to memory of 5104	2936	msedge.exe	77
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 3404	2936	msedge.exe	78
PID 2936 wrote to memory of 4856	2936	msedge.exe	79
PID 2936 wrote to memory of 4856	2936	msedge.exe	79
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80
PID 2936 wrote to memory of 968	2936	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTZGR2Zncld0TmV1a0EteFdHZjBCU0dDZkM0UXxBQ3Jtc0tsUTljLWI3SmZyRmhuT01aaWQ1N0hfbk1fbTIydlA2VHJuYS1XNE1ZSkd6cUZwTm1fZ1dDTEM1U2lFRnhyOUJjbU5rUExJMUVXSWZ6U2lZVlpjNlR0TXpCd29Sc2NXRnNENTR1OE0zcVA2cTZiUXZxNA&q=https%3A%2F%2Fapp.mediafire.com%2Fv3txu5tkw7ln5&v=swg6voEZuZI
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffab87c3cb8,0x7ffab87c3cc8,0x7ffab87c3cd8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2544 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11603975852548063014,7502794844114435188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7492 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:680

C:\Users\Admin\Downloads\acccid_nw25\johnnn_acid\fast_ins_acid\inn_ac.exe
"C:\Users\Admin\Downloads\acccid_nw25\johnnn_acid\fast_ins_acid\inn_ac.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:816
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Citation Citation.cmd & Citation.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2812
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2024
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4620
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3444
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4432
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 170898
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2044
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Repository
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1408
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "zen" Consist
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4832
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 170898\Heard.com + Proposals + Organizational + Extension + Mb + Elite + Parents + San + Wordpress + Citations + Iso + Aboriginal 170898\Heard.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2964
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Willing + ..\But + ..\Situated + ..\Thermal + ..\Shuttle + ..\Conflicts S
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4200
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\170898\Heard.com
    Heard.com S
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1316
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
10f72442f547f0c541b12f4f7aca133f

SHA1
171259aface7266348e899186f7f35ea4ea88d49

SHA256
d1a6b9cefb72097d257542f5b305713007cc0d1eed57bd6d79f5dc602f99492d

SHA512
25a2a2fce558c1dd4dbb95dd5f8a31cfc67b758bb1631a8fe059e372d29bc472e94856ad9a6fbbb4adeb3542afbfc9b9735a107826ba9edf2ba08ce9b2ae40bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
3fb00a8de8b2576616a8f2831410e2e8

SHA1
ce79af2976d4751739e0425350694f6bce878a7a

SHA256
59480cee8e6d3732635879409c5964d0beba437a5464ef7b0df365fd7e992bfb

SHA512
173af5a4e16f9824bb4342a9dc64cf41bf2c08d549be71d987901c2a6166549abab9985ff1d6f98f498d326ab02e72a4b474830be0da84d33480c50aae7c7598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7f736fe9995306625abf901b26ac4d14

SHA1
949508bc03cb1691fd384af86a99b6e5cd450432

SHA256
815cedec4837f2c72032a84a7ce69167af32d41e6f891d987d94f9fa068da8d3

SHA512
d8e1d75cacf442d8a880ab5d60e30042b2b67d5ab4710f6973087512271e62af128db9dcd07deb39cf1e61b1e3740216aa683851c12f32d513d52efe337800fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
62309143975ed9aa9879ffd815382d84

SHA1
0c4b27cfad2e8e2e3bbc7baa4d1f1df7df70b5a5

SHA256
17c0c4fc2938d507e5634c0d21f4d2e29542aa07b6bb95133219fbf778ee53a8

SHA512
8cd6a17a473bb1f4611e0d5148255b663e3f09d1507b5c760e0f648d10a54867dd3eeb35f610caf9b911d915b248dbda4c58e0b0d5ccb0e14a9db0a7c1e76e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b9b33b7c698c65bb132fab362e42a43b

SHA1
69ea8c134b9f9c231046be886b3b8cdf2fb9bdd1

SHA256
ae05d7193550889a7056bc18c65c5f57c19eb77a2797b7266411123c0662180d

SHA512
7f2e5e00c6d6473c60aec8183520c71b322710c3dcc605c2802001838a0aa2061760f0f27d385f8b83b8215acef9525b2599b3cd4b3bfd7557871872f0d1e76e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
293cecb51e90ac1d4c9fa06c39b6fc14

SHA1
7aececb2703361474c5b390613bad6c12974f10e

SHA256
d5ab8525a58c21909f9015b1c9380331c652163ff77ea9e159bb3fc1ab3df585

SHA512
305ac6a6310fe39e8f8ee6754a421aadcf8b809e34abab511eed9235fee38459d2ec2bba71d8ce77b58a56a19b7156a8e562b456c015b643469fef5907b538e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1617a52088c2eb3aca74864152b0d99e

SHA1
7d50cebbc164e6c76911fde67ab6a0643bbd1995

SHA256
d736f521dcee88daad507dd17c94ce3c29e562c8ecf442a7612bf9bb2006a5bc

SHA512
22beaf119118903733b59d5546ca3d51d9f5e25626b2027789a6cec7f0b5bb112fe3dadf246c77ae0ea2139044dca5c2c0f3e9e17223e88e095b383d2717d489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
ee8fea1e9cb8b8933b02a8514af76101

SHA1
e193869b88caabf4a99d82f9eae8152a0c5e8fe4

SHA256
d7ab47ad0fe26fbe43087b34fa8ffab22a6b54a56a66054ef6a4b83debccf653

SHA512
6d9c97aa692bf3cda9460aaf334beeb39e60ac76a5e70be79df28075382f609d510d57caa9185d06bfa6013dac1d209afcdbfb51332b56ae8518e50e93cdb43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
6545e987b706edf5779a876c1666efe5

SHA1
923c947f83e36dcfaff0de2089b0e566234da69d

SHA256
d386a3719dce5f562650ded660962c31f93819095e523700ad0302b9f4f6f9ac

SHA512
ad5aa06882620766c7e5e8545757832eded14bb6b6dc0d65c84498195949c0f0d1dfc947b58e9e5765b003b0823b0d4b39f7b86728f11f8d330421f4a1e0b2d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5109b394c3ae822e7b4f7dbe23d42bfc

SHA1
5c81a6f1cf3fb955457129232be2d9fa9373b31f

SHA256
0b6727fa929826418b9cac18f0b5cabd01829332cb28d4cec2029ccc4ccb4d66

SHA512
92cc5a72d427a3c76ee0cfb4c870134178b82c65d8f6f44c831846695ff344130420b7398e5574d602c84ec584eacf24a51567e5ea4c7fac1d8d103c46994fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4c8553c2ed60938f49f083d37a68069b

SHA1
0fb8a437be72dc80827e08565685ea855795a23a

SHA256
3d232d758ae7cd359ec751461dcd0020bd1d300c449e5ec875b5f82f2cd5cba6

SHA512
76a4c118518eb29a54807a6d22c05d72695d477114ac1d4dfc4f5bba4a0d76c9d401b86e1d202fefc1f107ec0c1370a482b7918a2043f0a8dcdb177eb4c5f716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f652ceb6c32470b31f7ac8f988720cd7

SHA1
d4a390435353d7608708a401832916469b159ec0

SHA256
1dd14e8852705cf9e29146b4894ea6af9bb7f6b411a032a18ebb10170ae6e387

SHA512
19f577aa588bb0e9d657a02f243a0b1e50bc128e66025bfeac046c171bd834cb6ebcb91afc2467b5b487804865ade1f4d4fa84f3f945f56663ede8672b9e0a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
01f549d202d7b90b1ef4eb3e5d543673

SHA1
eae7d7da2e8a0862c39ec24da0dc17ad6d633c1a

SHA256
45d828dfa5b68a7712ec476b3747ee4e067677dc0025f26d61dbbf5e615a9f5d

SHA512
d729be099be901bdd6962c2d1124ad91957c417e306036c3f1f0e7be12e087d18043a69bd03ecb23a897792a986a5b5ba0e63968d77d8b3aa4d566deae444df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5dd74ed847e62068b6251243b38cc708

SHA1
9697870c6d255449e268d18e356b8aa9c1acf6e0

SHA256
845e7b0e0325ec90b3384eb66b9caa65c1c03226efc319e390bc07df3a70c0ac

SHA512
b1bbdc4a2ad986a7212e8b24c6d8ca57992f5752978de99002f1c46b49fa09564ba68f58f8e33d8251662c833da05c5d396e96e895aff793d032d45599131b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df883f86b1f3b26765dd4f608dbb46b5

SHA1
390842aeab1d7ed8f6c832e123be55169c22eae7

SHA256
7249409853735e391231855bf66c8acbde01667371acbff2d21c31bcf0edb0d6

SHA512
cbef871c16edcd1cc53d8c942c39798b910a5291bd9ddd2db02d443f30a830bb7d12856e6b9d75c5886a706bf00fc2602bc83b29eeb44980e0a8a097ea3f26d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4eb88a6cb002760d2008965fe4579697

SHA1
44b576483a22561d5af11281a17785ca6dff00a8

SHA256
6e5f1ead6dcfbe8d19cde93c011a561ec092651b3932d564f6d7fac7e5c7cb24

SHA512
51a728d54fe8c20640cbfbdd2dcbb9f65a9f01f2a1e7d76ba41f89a23babefd17d3001d8435bcc0debbb65c70e319f8411fa235bfc69b414c8ebeaf34bbe4e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1c2b789dcf5fd04f85f2ba7021717f9d

SHA1
f49dddc65920f1c60e906f54fa45f02a6ccae13b

SHA256
d2b79b58ca40626dec83e5330447ff9c489909ae1eea654af31d335b92891cad

SHA512
cae3371e4d8f46b90ebbaf07e33c409347ad9d54a758c9fd5558d332025fddfb8384918ee71210f40d92b0c05bbe2f9b3bb0e0d2663e10d80853d7e920ee7b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59b79e.TMP

Filesize
48B

MD5
65a8762d02bd624b41851287e5c69b16

SHA1
425c4e4a7e364fa613383ff40235e8d441ea0aa6

SHA256
cbf030adaeb0b68fb222e945b5793bdbc7699d90fe7507dc5a8284d044463df4

SHA512
a51f4893d715fcf9f8e3a2fb984cf2c552901ad9cc10165f9701ceb4d2d22c46036e208be5e884cefd15b3fa1d3f119aaf20f549732910399011035a6a243a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d409fa7473780ffb53777038fb70c1bb

SHA1
94bf37cd627e414822dbe96ebe5bf1eb6160918e

SHA256
e2459d91382b30ddef06726e6eab1c92c11036d4d09bd6803f4d10614d823cbb

SHA512
552e510b113aa942a8e3068c82d8a4980e866ace6cb4ce6c9f70fc41a6c63deda118d3d8d55446b269c2917384aa69f88c459d632dba3164484b096ba4cda75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
315b4e8b3fe136490640a5f9281a98d1

SHA1
0a3b25ad4c5696508b87635d40f8b8d72877b52c

SHA256
4c441bec4b1fdd0872acc8332c17ecd6f440ed2fdfe359fbc4d5e38e34744f28

SHA512
acbdd84cf49dbdfea29a5a346bb8c6433a46fe73acb2c10d5de93b27da0ae7419ab7dd4b7045730f4c0ce01f38908c4996f90435170a1af6f3490d1340131678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3862374762f50ae8d34487d9d1611487

SHA1
c5813c2d000a90f26873b74f764b6d1ca35139a6

SHA256
86d63ea2bd79d3a40a8377849320f750198f3a61b76fcc9c2c4f560ef9e4a876

SHA512
3d1bd3742cd3e88e06b5f9e97a2b0e23205a9660085eb5f8731acc3f88437113c5c90e3c2f5f50ff79f166773cbfc8e66e3ea0dc346d2e865db7e908061a6973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\af522ed6-c369-42bc-bd79-ae1b4dd76c39.tmp

Filesize
874B

MD5
a5a5d88c4c2c5e2f99e6f597d23535fd

SHA1
a4430ebc408d8d4e0c4a5ec6796ac3561066f34f

SHA256
662ec0026644d4f0246ad0ce156c7bbbedd75e7747087197e36bae8a0d552bf5

SHA512
33be90f53f513ed8b94b059c8ae576c3f33c23ca26d1fdc91dff0da804af974162a50b2820240681cf063baaccb957056508c7ed44369c19103d119fc3a53321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1943da9d51f990d4a2b418b778355d17

SHA1
1105ca5ebe79132e259cfc1975a2349eca7988a4

SHA256
02df0fad72a80e159279e425d7eb509f94f79f71ee393f15541153551d173721

SHA512
a165dde94fe3dc8ad711a886bf10fe89a99f24f3397c96a117f56f19d2d90ff3b2d7e5fed30a15394b83f53f07e45c08662483e82cd0a937c7506bc5d3dade73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d84f4a0e1a56391fdfcea1f786b76c62

SHA1
735242889a9e88db1721ea2f36e71d63bc424bdf

SHA256
b9b4ad0b1c4e090a67fc329adfd94e37de38228545d932522c9e6809850e6637

SHA512
f27befaa1a890f7d67c55099fcdcdeeb86c837f3f2f58c9e4f0f87d3c4b42a8183ee2b20ff723e4276d4327c7cbc5044447f2fb1b79bf3ac81bbe1cda58b6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37916ecb7bca1abcc15eb2022213f38b

SHA1
393e5bf9cf236e2197a0297470438a1312ce55e8

SHA256
0e095ce8317b81ace708bc6f9de2f59150c61c9ab2fb61f9666c961ea6863183

SHA512
17943ea3f95cb9a9b5e07a57b6f6bb9d50eceb3abeab9c6e2a63987957b2920b901eeda8fe9c6a903d28d21059a06c1d1ef8feb7c9d8a1627b0f8fc2bc7967c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\170898\Heard.com

Filesize
146KB

MD5
669619d66b40ec6433316c3adeecbdaa

SHA1
80ec9a20c29c5f2c18a109ed2f11dc5c41fb450b

SHA256
aa6b76005bf9b8ce41be50af732e11df11429ff2667c79f0c94f101abe56efbc

SHA512
3007037a106e9a6c88e4d2f9c8d74bef47c8c19a6911788f69437636b0f19883ae2519bd47dbfb201ae2ef5022ce1183c1eb9eaab8437a16ee5743d32cdcf066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\170898\Heard.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\170898\S

Filesize
468KB

MD5
e29526011a875b5df841536c5753c6f7

SHA1
cd0a163314691bad0879c5c4089f80753e152a9b

SHA256
98da08475b74376406ef3ef14f37679fe7a570ec352e5452dd92a334c951efd1

SHA512
e0f21e5118bf8a5350c08897ba7d3592685c59af6708a38dac900de9d368efe05b70c071f2f95fb6b66f25f0128b79201f70d09f48674b1a1a950ce8598e3f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Aboriginal

Filesize
73KB

MD5
07314039b19dc13c7a6c82f2a9274051

SHA1
d11ea8b8d1b309b6c37f2f82b21d7dd81212084f

SHA256
c720ccc9b2b3178bf072abb0c1057acc6726da0fa6a2e50a87af879c40e2ed7e

SHA512
617831791d8e83f889f1a7864fc7dfd5d4e28e10b58996297619316cfcb057a06a160c293006839a4a62a52ed6864b47839f8a335175317095992a31fb7e2166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\But

Filesize
96KB

MD5
353cbcc4db2a06ca96989d8db45f5845

SHA1
8fedd5bb69d3b32031e05290de53efe342383491

SHA256
7cee924f41c91b416e718494229926a01fe493d882d0d9994dae053e1a12eafb

SHA512
a3a8e0a6bc2407fd5ad8189a1cff148671e4affa2157d7238df71164e671491b0fc62e3f218a0c1ec0ed10daf2b927e2b7ef6d7826199da08c8484596e002dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Citation

Filesize
17KB

MD5
6627bb2c9f64f623b082646bdaa3771f

SHA1
02d4e9eee858c99c7bc869166db9b70caec40186

SHA256
4ad227feb69b27715eda0555b3963f8d6faecb971f3e4627b55ef9e766710b0d

SHA512
7acebfa6d8b03c2718e3652e2060cb64322f4440701ca88e6284bebf6848c90925d1b0b9d4be6f55b8023c7378166e1de4efc3f4970c3a54e8c1aa508e5f8110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Citations

Filesize
65KB

MD5
bd0c8169fea6a0f0ad4863961cb3e828

SHA1
a283793374a89319f3161f258c590832ddf18770

SHA256
3aebd16034dafb00367c74809de05380fbf0de25c5cbbee7485b69eee55d3e06

SHA512
fa170a2520e91454a777f559086862d24c113bfa529715c35ccc42220be191628d2aa0e1bd255104463698e8ee957c84c2af0a2caec06934b482a1cbf0bc66b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Conflicts

Filesize
23KB

MD5
6f0c63fb9a8005e1b9893326e4c5d644

SHA1
37c8d16b7335f238f2dd0f4d080071b17b7cafad

SHA256
cc27a286bff343903ad429d8443957ac09064d6ec7b27db26827b1a835c7d748

SHA512
738acaaf1947758670dfd0228a544e74cf97dc4aaf7d35fc7829452975bfc37ad12a1ed9a0cd9d44a318e7ffc63935925be4995980b3a00d29184372c3cc7693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Consist

Filesize
2KB

MD5
83312cafd3a0f5112950c5e033d1f877

SHA1
1ead3f8680199ad967a050123d1c848a4c37e3ee

SHA256
74bbb520a6f27437431afbce50d7f3c52711b8860d910588e2bea2c3cb24fbf7

SHA512
009a57214977c088bd1b2e4f24dc2ee2c563376716d134fd7850dc0424ebff9f96db0c032cca3307c50150d0f8492fb055cf0aaa24012c49714d50eb3b90b738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Elite

Filesize
126KB

MD5
53e2756e1204e5c25c38307daa54185d

SHA1
5b99a9c06ce605d93cc5b43b2efd766c4edc89e9

SHA256
7c5d27dddc9407fe64ca0fd3ba884aa9d593fc91bf7b4ec5127acbaa4e1e2ff9

SHA512
65cf4a3695e54cdd621d599f027dbf8b6de1331cc77765ee0fe3fe40de795398049a3e5db10cf79c710272cd1ba8640c87c7750b76f64ce9848adb5b43797d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Extension

Filesize
66KB

MD5
ca328a92d384e1172b0f657e588197cd

SHA1
e0ea7102302f25b4218159bf32ef79e1bb56345f

SHA256
bfd10879455f94674de0d891b993e28c84f547a45200e23ded744b76a7bf1abe

SHA512
b25c494e79d057d32498d25f85b8f85018b9495af7ec2d254d23dbef9d1d1011332455574e24f9d4d4ef2523b8ae660e0c41075a6e794f9632af758c3c959d49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Iso

Filesize
58KB

MD5
8f7a27ca8809b10dc04c9a81b4c82b03

SHA1
5bc8d6a5db258139be81b4cf8a46b542cc9f93b5

SHA256
7a1c064f518ed6d7596ed47faf2b8aa782e763948aec3d84d6006ff97d5703fd

SHA512
9e688577a417e5a4940c09477b6e0695ea13fe032bc23b484ade6050fad8db51ee071ab3ab9c2c63f060855dd91960b2123520067a79ab642a41fed4d22fadd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Mb

Filesize
144KB

MD5
c62cf4ea70d4c9d82852e1ffc94e0437

SHA1
793bc14e085fba0dbc1fce0d8407ac1483f3926e

SHA256
7e5ea196f771120e2df45468ac39df309031b01926730a2b1dc4acbb9f137c8a

SHA512
1fc7bd0af67ef6cc51400a7bff017f74bf5368818f57d51c107a69f833dd6b267919a4e5e4ae5ae849e0437eab80a26c3a629bf0ddbbcee4a7df0d6487ed9e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Organizational

Filesize
77KB

MD5
86dfe448d6f558dc4ac44dbbebefb0ce

SHA1
aaca62907c75daa348ad0cea162b0c4197a1b781

SHA256
eeda28037ede8298dab5eb33fa2a6615439cfdbef809e6a765f3ad322ef7016d

SHA512
0a3d8e00dd5a5ce937e22a77f270ca3e42a870f65204c1a36cf49d3b411247ab0a1b58d2ef7a913987afce0b6e7fcd5be8c463e632806d41aaca1617231f4187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Parents

Filesize
77KB

MD5
ed7bbb47a06dfb797c1c29023c951964

SHA1
f670b7b70ff683d513a0e278bdcb7c3ad4fa70ef

SHA256
31984e14c8a40bbda23c1bb7833f218bacc04eee6fca486ce3c4998e5009576c

SHA512
c020b04283888dc850a98b14b160c4ad454c9e9060689ad59945da5615b04972f8b5e08c921cac9edc8e77e697d0b9f5197b7ff816170b84701c320d441f8ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Proposals

Filesize
67KB

MD5
96a4f605abd67c69596d0f30891bcda2

SHA1
8c3e19dd616ce28feedd05e6d5df2a77b959d1ee

SHA256
c17bac465a6f151832b1df82dd19d944f7612d7718162c78766cd19c3f3da1b1

SHA512
a81ecd134e41b1bc0c7b11f6c8bbdbdef71a286eca4b995cd21c167efbe04ed9050cf2d7e8279609cbb1cb338cd66db879e1cc1d26fef154ac7bb735bd77d1ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Repository

Filesize
478KB

MD5
3fc44943e0e388647474298f5fc4f98c

SHA1
66aa8e5313b1715fce540f1cf985337115d3a60a

SHA256
d6128ec0e64b67be5cb7787e91f2d84330d7c8fff4ecc5bf78c2f2d8f55e094e

SHA512
4cc34dc74a34f2fa8e2ead392a3f7ed5e38fc1f50e37b425e416abac0d945056fed50ef549568afc59104dd1e1133abfd545b3f1a1be8d4b1fe9ceeba714340d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\San

Filesize
109KB

MD5
68b81ca65154f033364440d912d50556

SHA1
0be175fa5e63ece9188b733e9b56d424a87ddd64

SHA256
48771a7faaf737d13e454593703a8bc1304352a49710913b3dd21a70afd18f9d

SHA512
fff833a5d0c7e95b74d0fe1c492a71b5549b0bc8751cbffaa6c855e220edc222d8c1ac6c05f2f5a3696f3f8c5d029394b974a2831b34ccf053140de59bfdcd21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Shuttle

Filesize
69KB

MD5
5b24fa429fb2c46e9b30609ff0ce2a48

SHA1
5728528cf2245e0f189af5a510faeae8b4d41abd

SHA256
b4ce707bab0cac4f91125d6f88052ff734405c58eaa1744e81e088438b8de8e6

SHA512
ccbf1849d8b92e0bf7e2ebe379f5bea765a0a5063c69bd32ebe4dff23e5e0b1a8bf991856417a44c49503b5d9b3d154549334de199404517880e507fac25dd6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Situated

Filesize
99KB

MD5
ebd570f07376bf2f88e64312737b8e1c

SHA1
d8daaf771da1db6a27e1566c49479f52d1aa0257

SHA256
710ee0073474296f0c83c5951c60998e5694beaf438c1055f2961a0d4228435a

SHA512
f7e0974e7e90a2f740856715e077b4b49bb827d407ce8c330dcefa9e752a29a523ea2d843d38fe17a574e33dc6be0ed46f666fa681b6bc52dd608b0960347e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Thermal

Filesize
83KB

MD5
38ffa94e0e6c78baf39af60e3c708117

SHA1
ae52d958bd438dc0e7d2aa4f83d062eacf6e211b

SHA256
c85681f23ae88c9b5f480046920672b4e1cc510f2af1622910b8247ffb2fc462

SHA512
011355e40ffddbcac081bae30916982c405d604241a42e9668fc96ad1b9d7083240f9c7d14e9fade35ea41194a8aef836d8bebfc24682bce77e49bb2ed981605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Willing

Filesize
98KB

MD5
ab8332216c0359a94d5907d2499796dc

SHA1
522c62354690742aa60e1fbd7b110fd6a3eefb92

SHA256
ba8c84e37d3a7b1237f014098393e68aeca58dc527ecaaf994f5a2bb078cc90c

SHA512
0e4eb5abf3a460fa47397592affd5280a5a2173d88a7a703ffe622eb4c60bd9b12615674a39b564cf5abdbd9cda2339183abcb38d4893b5ba06fe7aac7a74cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wordpress

Filesize
60KB

MD5
3f0a63af42ca7cd1017dd29fb2145a9e

SHA1
c9067449a9ee03f063f14419b4e04f3f3ff50af8

SHA256
3128948b5b4145db9cbbc96081f7374a5af5de421145c05bd0038940ab8872c1

SHA512
95b17ce111f774eecb73a4aa17b450de2fcaf02d33f4d182e7fdf811f4831fb0c2f002a5c3f8e5d26db6889589546227fe017c1143399b61d56dc16fc16bf12c

Download Submit
C:\Users\Admin\Downloads\acccid_nw25.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1316-754-0x0000000004120000-0x0000000004177000-memory.dmp

Filesize
348KB

Download
memory/1316-755-0x0000000004120000-0x0000000004177000-memory.dmp

Filesize
348KB

Download
memory/1316-753-0x0000000004120000-0x0000000004177000-memory.dmp

Filesize
348KB

Download
memory/1316-757-0x0000000004120000-0x0000000004177000-memory.dmp

Filesize
348KB

Download
memory/1316-756-0x0000000004120000-0x0000000004177000-memory.dmp

Filesize
348KB

Download