lumma | hxxps://www[.]youtube[.]com/watch?v=TEHjj8bMV7c

Analysis

max time kernel
257s
max time network
264s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=TEHjj8bMV7c

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://jubbenjusk.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2108	4180	WerFault.exe	126
64	3216	WerFault.exe	133
1760	4804	WerFault.exe	136
3196	2908	WerFault.exe	139
4924	1892	WerFault.exe	144
3392	3504	WerFault.exe	148

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
2484	msedge.exe
2484	msedge.exe
2824	identity_helper.exe
2824	identity_helper.exe
1456	msedge.exe
1456	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	1016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1016	AUDIODG.EXE
Token: SeRestorePrivilege	4236	7zG.exe
Token: 35	4236	7zG.exe
Token: SeSecurityPrivilege	4236	7zG.exe
Token: SeSecurityPrivilege	4236	7zG.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
4236	7zG.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1276	2484	msedge.exe	83
PID 2484 wrote to memory of 1276	2484	msedge.exe	83
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 4304	2484	msedge.exe	84
PID 2484 wrote to memory of 3424	2484	msedge.exe	85
PID 2484 wrote to memory of 3424	2484	msedge.exe	85
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86
PID 2484 wrote to memory of 3040	2484	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=TEHjj8bMV7c
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf63346f8,0x7ffcf6334708,0x7ffcf6334718
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5636660069401131926,9382422895404906847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2508

C:\Users\Admin\Downloads\0PENM3\Bootstrapper.exe
"C:\Users\Admin\Downloads\0PENM3\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 1408
  2⤵
  - Program crash
  PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4180 -ip 4180
1⤵
PID:2928

C:\Users\Admin\Desktop\Bootstrapper.exe
"C:\Users\Admin\Desktop\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 1272
  2⤵
  - Program crash
  PID:64

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3216 -ip 3216
1⤵
PID:476

C:\Users\Admin\Desktop\Bootstrapper.exe
"C:\Users\Admin\Desktop\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 1432
  2⤵
  - Program crash
  PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4804 -ip 4804
1⤵
PID:5000

C:\Users\Admin\Desktop\Bootstrapper.exe
"C:\Users\Admin\Desktop\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 1328
  2⤵
  - Program crash
  PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2908 -ip 2908
1⤵
PID:2420

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Bootstrapper\" -ad -an -ai#7zMap17951:82:7zEvent5108
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4236

C:\Users\Admin\Desktop\Bootstrapper.exe
"C:\Users\Admin\Desktop\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1892
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 1424
  2⤵
  - Program crash
  PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1892 -ip 1892
1⤵
PID:1980

C:\Users\Admin\Downloads\0PENM3\Bootstrapper.exe
"C:\Users\Admin\Downloads\0PENM3\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 1368
  2⤵
  - Program crash
  PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 3504 -ip 3504
1⤵
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8de410d0-b15a-4e83-924e-0b03c9e1d149.tmp

Filesize
11KB

MD5
5477d56e8e820420c7efdc3792278b8b

SHA1
18256ab9a850e84aa52ec1d3f72c39806a7ade16

SHA256
3d88f0f371715d8708c376e9831a8baa4bc8b9443cd30428d96d51233b70d5fd

SHA512
ff39954223a3120c4ca292e0dea3f4e924afbd8c456dddaeba5e2e758f6bd99d89db20c0c62efc9ffdba8f3d125ae9285d13e1c2faf7711577a487211a56eeb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
49KB

MD5
65da8d6932ad74d3b51694b5a28dd0bb

SHA1
aa6e37cdacda153f499c299299a4dacf50c93765

SHA256
309ec80a404d5ba8c9816e0932bff343c8e205fe36819908682289ed7c7ae482

SHA512
bfce7ba0e18dde7d6f833709e565f704701d7a51b14d7c11b06cdce0b057290a334219c9aa4f7ea098c097eb779a2ceca397a9ad1ede0784348f78c81fd55015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
34KB

MD5
796cde84f96aeb0e7938a6449c5df98c

SHA1
bcfe2832173b772cf4ac08aa90a45550dd54f96d

SHA256
d4bd3e815320447860e0564ac090789168e4b742484a19a05824992d6984f38c

SHA512
ecce78771f99bc03e989abb43f2a10b254aa49bc35faa6d49c95304388ac2b054c3b513c7bbb14730fb14d0563712c1fc0cb376f5a298e8ec17160fa69033be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
34KB

MD5
022b55bf2e87557e4598d3efc85b20c5

SHA1
3212e3e3d4b0adb40d3eb18fce62f65082b260e4

SHA256
1ca0d3ee1af6602ff407b8435f010be0cbbdf2447f8b1a13495cbfa1beaebb5c

SHA512
f9fb708bf3e9771b87f5661d8939649f342279583146c47ffa62a8c29d678e957b283d479666191a92559762725f2e1349de40450fc04d2decd79ac5fb0ecbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
41KB

MD5
350fef14b9432c8888714f9d69ba79fb

SHA1
f02876195e3b3628384124d63cbcb3606a06996d

SHA256
dbb362d29b9b4111e7722bae880e8a79ef8efe96db4cdf7869195f5cd0066fc5

SHA512
8fab4f3151a81a2cf0465aaf245d507da97c230eeb86dd6e9cee798e4d8d953aedb2e7e4cc004fdc8a5f7e8af0ded27aeefb4c626ad61c95f38572e13d49d419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
55KB

MD5
4c6481fae270ad642b4773f52733b9f9

SHA1
cbda3768795cac52cf5ad2b14fb5492b6c8bba34

SHA256
dde8a16197cac6726dc7b1e4a2b6a50c90c3796041806a486ba66f10147aaabe

SHA512
0cee227c0edccf4e6c83ecf77c68a385567157b5a238aa4132f79f72267ad11daa293191d6dc6fbed0e42d52c98c8ab712464247cffd6ec33e8b2f694babcec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
fed85a21498b1ed7a41ea0ca00cddbea

SHA1
b1db064f1e32c26af08584d14ea27e7094ea1d87

SHA256
8f6b81f3db3c835b58e0dc9d69dbb9c892fff470b9c0a3b2054746a7240b8191

SHA512
fe2c0d111945e18d3354beb1ebf0c9fe17174d61fe53ddc60a4e9819d2e33470bccf09cfe425c59ef8c77e679e494cb54f4c001d82d5ba87171f462c9593828d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a4d8689e5af0aa03562c4a29cd95cf55

SHA1
b81d6473628847767f830561346c7b682fa457b5

SHA256
492cf559b446ebb105726ee6064baa195971847ce8c29d19ac7ba7040c800f52

SHA512
c38247d98408b2775b0e2dd7a6c296f156de48941ebaec005e31a7e7c1a4ff67c8d78b389b73c905aa6a2fcc9cf6fe26eb98e8a1cf3778f1286c80289b220d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b056ee70ffac33fc24369a2ed4cd1b1c

SHA1
bed661261869cd164063e88be5337bf5c349c2c2

SHA256
29d972f6a36e5e87b2339c06e443e12a0a8c3c2b95bddd913acdb255a24dbe52

SHA512
2d593c678440e5feb186268c254d7648cae9e4cce8b4e9bf540bf5b55e22031799303c27aef0000662a8c179c03610e52cee04ed27360bfd65720489acdf3e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a3e615a41731b0b9fa53b5f7125983bd

SHA1
853f6c6b2e4acc53e4b2600da447b92263eba409

SHA256
ea2545d4d210d9b7b492200b2b567fe00b6ea0b3c7d2e5c888d929ea6e7ad164

SHA512
a36caf907a094b6d7d021ea9568fef508250800f984f2f8e3a7ffdc5377bd36a90b923eda41777ee6f01965aac472f030b48231df81714b61df3e40846a94be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6dcc2bb8c42c5aca97790c8be77963c2

SHA1
4e3a21bf09174b20982db7d5533aef9fbf87bb3a

SHA256
ef23dca34b8135c47ed3514e6c7892df457011ee6a9ff67091202757f168f7a7

SHA512
4c53a1e0ee141a079ded91bd9942d020dec396b118244ef3ffc37a0321e9ff47ab8caeef41f3041a1e02bd41c033278c9fbffdde82fe002eca932e28b8271b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
69077362410c0e25d44a9aae552175dd

SHA1
5a20e7d7dcd5548d31369af4fa18ae29fe9604c0

SHA256
a6269836e31c827d410f027a177efb1bf01051335588060f94c8851bf1a7a143

SHA512
26330cab65315b6c0734e10749b3fb192cfdc023441d268d0a70c096f80e034d0cce3903ba5e71f173a848a68410a770cd6b9ae7599c0eefc4af4cb14beb3fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5a2a49d65f3d5797296793485b6073d

SHA1
d6038cd4652890404cc2cae44cd3015806550925

SHA256
1fdbb8b36b544f8f06cfba309ccaad501276f3aaa9ca76ca68a22078d21e9f4b

SHA512
df85f0760c75232ae51bffd9a31db6bb195a168a0f702bf8a43530f02cc59cc41547d69a72d8a4ae344939c48e6313c6f8763e822fc7c115559ffdda187e2756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9e57790fcc60450f3b1d7864d008b55d

SHA1
4faeb08d7a0815ee14f81665cf056d59e3361e3d

SHA256
34123fe583fc5d75573cba9cba67957da5b98b3db2943f64f51404b676543646

SHA512
c68a58a3eb26f1b1d6a58d007f5ffccd9e7c42f8e0165a491b94a07b2e72e112e1893e5ee36a05290bdd0e4bfc1963e8d96693daa4e3f5ab4a21c758a86d2a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6de3e8609776d40c3b29f8ee09b7fd02

SHA1
55cc09c87d586492bf9b682084c5e08462133666

SHA256
abc50310bcf6e8bc50678cfb605c8704e0d84daf78c734a36ac367886dc130e6

SHA512
37e16e1c667d692ff753b04da384443e5daae4feec6c0dd4f2e4735e11d22c55515016379dc71c01dfa21d17c8960c0ae8e8da061a93d554241a05f172102880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b93e07b827aecd17523b0597017dc4d5

SHA1
e9163a88514d17db1a6f470e9cc57c3df5813e3e

SHA256
e519331de96ee28287484292de45a2d02f4d1c95f47b10968b226602e0cbba69

SHA512
28efe6b67a43adffe71be1046f7cde5e402a44001c677eadf764c8d968088ce2b063ec8b4daac4d779e50f6ffde1a51135a46b30e9d3533ae3374a74af9a3a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8602c2a76c70756f8ee4da0ed69977c3

SHA1
7828c6fa852372b657814d80c62776c1fc1d4ee8

SHA256
bfc22e74f596e19050daf7dc11124caaf69606f8a1b3d8f179f987ce18dc4005

SHA512
91255219a1aa0492eb4935b877a59e836d0bd3d5e05e8933b397e3378135948b9019f421114b9be0ea310127d67b1aff8769e7edf2559fa632a032104ab99467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71feee4a3d3f2ee5ebd6392ab6c69d5b

SHA1
885fb31f0a2681a520ed93ab1dc0c2d6e2cd153d

SHA256
059a5af751707145a92e83f288bc644d3d227699e8d7e9136e7ca44165735d57

SHA512
cc051ba9acf5d98aa70e0e20847e7ce247bf53ed6690928b21b2ca701cfdabdd7fd684dc2f32dbbe7f7cbef48be6c08b1d35355852438803bd1983b5c3f86dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29535099-3ba8-462b-a325-ce556fb5b722\index-dir\the-real-index

Filesize
2KB

MD5
378fd3e992d27d46cbe97903eafdcddb

SHA1
37bbae0d5b8c6a0dc2d2b8035e11b1dc40d11c87

SHA256
ed94406928fb706a3fc9cff4ab8a06e5a57966c14788a76d8778f6cd929b1347

SHA512
98ed23797a4cef1805d5f453cacd9d4a755a90fed1828a39715f721675d5b458df24246defe349fb39666bb5213dd2fa950f640905a103bb29291b8a5ed03f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29535099-3ba8-462b-a325-ce556fb5b722\index-dir\the-real-index

Filesize
720B

MD5
8f81c5e81e07e4f0b15a90d0b9c8c55d

SHA1
f2ef4b0ed57881762e7b18a7fe3815f8b0af5194

SHA256
2acc3a26741bfc4f9303c9bb7698daed4101a01cf82ba8b7aa64b13be1527339

SHA512
a9baa572b4b5e0def68a18ac67b15c0236e264db6c32da2ed8ad3d2ef8bcbb7302ed6b6c6ddeb03804bdbda4dc37fbfa1b1613faee22e13e3c647c94a40f5b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29535099-3ba8-462b-a325-ce556fb5b722\index-dir\the-real-index

Filesize
2KB

MD5
dd423aa0bd73b879b5948dac02f9edb9

SHA1
d4887af57ba3e41f76d7eef01434ec4abacf18f4

SHA256
0e44d37df744f94bdbce3694efccb87dfdd23274748b02c008d70beaa5a9271b

SHA512
961d576811271da878d3f4c4de7a66da0056052dd05c3959af7ef49a734a4e5cc1a2d58dff047b784d4d37f2699270e7b06333725cfca6284120873e5cc425b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29535099-3ba8-462b-a325-ce556fb5b722\index-dir\the-real-index~RFe57ad18.TMP

Filesize
48B

MD5
01865498571fa8fed215328046afe468

SHA1
383bfb44fe122ea9b780b1ab707b1a5bf605f4ff

SHA256
da69a7f2cf8e9e4e483c71b1a4fd5d91b7e7eeb5eb137e0bfe9942898a201e11

SHA512
23cfbea652690508d04069263c6ab1d564d188888e8e6e08005a87cbaf5dc8768c11116601d352ff5c61640071abab3bb4dc09f96caf4dabc5aa86f26986eec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\664d518d-daf3-4fee-b005-7ce1dd7c6641\index-dir\the-real-index

Filesize
624B

MD5
de4f97464b278a553514a8d239843530

SHA1
90f846389eb96b6bc555865d3a2f63f76152abef

SHA256
c5c38329129109725c9b0a929f82f2c6d33ce379fd65215d8288f0975bb98a0d

SHA512
8376abbd43c81a98bf07287f73cef5865d36df8729e7e497d13191c5593bbfa195a9342fcae134ecc2ff5dbef75a4cfd57cfdf3a2034be15b6677514acd69d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\664d518d-daf3-4fee-b005-7ce1dd7c6641\index-dir\the-real-index~RFe580e63.TMP

Filesize
48B

MD5
040425dfbd3375de449eda9aa51c7620

SHA1
7582354a5659203bc6983516cb61711d7d4fc8a7

SHA256
fbe4edec508ea0511aa8266d74cbb3e063b59b8c402373a619d3a85dcdfc710a

SHA512
17340ae00d9a86030c8eeede29313a3ce784935fe51be493a630e32153c415d945b526708fe1d8271846b7102a7139b7d4b7efe37b7b64599d6fbb747302b260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d4eeacc9-418f-4fa3-9b9f-e9ec5a05b17e\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
8af5ddbfcb009175e84d40630b4cb74e

SHA1
c75732509d9b0b2e25d5191e64f256189193aca9

SHA256
93e97b07595b8b85c37126db9ffbdea6f99574e1cf07aa23754a5fdef5f477be

SHA512
64ebecb32ebc5e53a681edca5c0ddb5fa53ef1477cf0fcf64fd652038b966e0228263de36ce613fb8c44269406423fe29861671c577801150d91f8070414d0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
b99ab4628a6633bf2e6b646193f92d92

SHA1
aed9e9cf2267507e725cef0485fc13206ed8ec68

SHA256
f4cf19ea1a12ff75d3693f021c7cf91328ae7795d7689b362e9fad3dc4933e99

SHA512
7c809a2ed395d4b7ce9dab8e6819c25ec72002599de4521d3ad0b39028df3f45f80f66eeb51a8dcbbc4dd8531873f19c1b673ad16e778cb6408e7cc88c42489c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
517a9d6bbb7fe37fe4e34de66ea2f400

SHA1
a697eef550372a2d0b0162bbd1c2e3fde33a155b

SHA256
ffb74f3b7f110af90dfc135397b811060fd57fa58ae825c0cf68731157a07745

SHA512
b34fe20b63d2a872b989088ba869fa1f4c2602967d7f06b73c9242fd216f79e88cd72f90880f9d2821f13999ac2ffa8d6cd2854724a8bbd01ebf632110563e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
acf3d5d465dafdff8b2e1512332a1663

SHA1
41f72f00d827eca4575a180f86e2b606ee4dd4ae

SHA256
c286a20d24eee5d0a62cd78dffd4adbb80bbc3871732bab0b9e7b00d534ee0c1

SHA512
b3be0bf11a179e791079cff24a0d965eebdc6dd78c6341eabcd1f634d0f25890cd45d86ea3e2985b97ac38e09019b83376106316ecf39132a008d2cfe71eec02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
031bd302243397ef18883d1946294740

SHA1
c38017785b940136712ae1aa96f44290d2ee5d1d

SHA256
44993c392194f2d61e60a21ff17dc72e85f4c60e7d6ceb1caf4ef25a4977bc0d

SHA512
81de362c78e4d3cec51d896eb36222685a30f077a833d2a83a956668ff715eaf46eb411c928f0bfe87f2219f798603bdce1eb47f24468691b3cd4ad5daa67c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
fb2db363fe2a7695684ad57d7e407969

SHA1
299f6bcf9d750042d203f1bd01c4e8abf50e2331

SHA256
7399f3e6abea1efbf6fdfec09867720b41d5a4d684fc261eff42836a8b1442cc

SHA512
cd91461da77a2bcf0b3894ef2a1a5d94a4c3b7ca9f90b46bcff4c7ce88873319373026050acfbfad10979c088fe3aee41c514674a1fae7ff5684e62e82059f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
f62c79ecf29d6f0621bb44f41b931989

SHA1
ac2643424436385012c9cb2b7c5917c9d31c9928

SHA256
3bf2f10f5990ef4e9f29a2de4aba65a33f0b6ddedb151940d3b5c850fcd26be7

SHA512
a41b538a5403a6fc8ea2bd7c57630a8293bbfc676b5e0b160a29afec3e430f35409fa615a4dbadc0dae02540e07d1d89f37b6ce0cec24c2793c927543dfac98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
826f08bd7b3b051c95504be9321b93ee

SHA1
dd36af0e135d5338ecfe2914a0e786be4cfe4668

SHA256
abe452e25294e4aeac2a54f618fcb851db669fb3e5aa8dbd8b85e385299da07a

SHA512
a8fd97b3507399550edd34f3e9a772f0156f63ae980c9b2079320428dec7706c7effb0210131db4d4d3aea0353b1aa7e2c6ae97f0ed8fb0bb55e8b3c4a68f880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579ae8.TMP

Filesize
89B

MD5
81ad444b85227d7dd1d885fe644b6a1e

SHA1
709a28ada85118068a349e50e7ca603bb361f0ce

SHA256
09c3d27a745b464bc5b833b5614e16dc9f43f905b11ff215b80cd88157e32730

SHA512
be71a16350c696888e74c2534f881205c4314fd198e2ec209ff84084bb2c884a0ea9ea39dc70caad1e871663376c9f898d0dbbdb99760f6108b64d6e97de7932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
17KB

MD5
3969fc3a369bd6370cafdd25062b7d36

SHA1
d6625b2bdd3d93fb88226c2ec1ed80be7ae08871

SHA256
e96044968829bf1e602c71fbee82d63972f658cf414f6170c5eeab13e7a38c7f

SHA512
c2e5d68bbfd4f7a839bf9a3880e9a9a50b629a690b22a7fd0c1dc7a0d62501f2a15e8e9d8af8493190a2fd2d4e098f735c31c58e7a08f3438ab39ec97ddcb824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
11KB

MD5
8e8bd89a1a3c7a33cf3b18d31a04f9c2

SHA1
032cb12524afc2bdce16beb0658462e643a6125e

SHA256
90de040a7f18b2cf889b5e6f8af66a7c5932bac87e47059a38da348f6210276e

SHA512
7bdb9befb90462664bcf17b34e3a1f9db7b681e80ac304288d5cc647afcd13d2ca901439da3a9ecc431ade6a0bc0088f478f3cfb2fc9d56fb5900b91742b7c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
162KB

MD5
ee7348eb03e8f10a40ca5abc6a2dbdb2

SHA1
d4ad8a362ebdf80be9b53e16d4fd3ad8ea94b6ff

SHA256
c89b9e5e42ded675d791294400b2040696a8b1fe4dfc2fa7aa78bd6cc7546c6a

SHA512
70145d098f33f0a98e3f9cf0bf8b0ef7795d8133ebcbe387d337f1818c5f42db85df115f28d7faaf841be7166dffb755373d3751136a4eaeb8eb8b27ca940a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
381KB

MD5
dea67c76b76d544c0a58834b78c5cac2

SHA1
bc3661a96e5ebc897ba95062c586e6f6be3c27aa

SHA256
67101b5baa33c948ab3584a80be6e0cb3f3f01a1e4ff62850e80cc12ddff0cbf

SHA512
4e7a59af0dccc1493ccb36b02664b71204ab0951b837bfb20f44871993407954fb57252ef0aa327cbe5559948cf97ca09bb00307bf6fa30f99cc5eb2ce3aa2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6d2c7320c84b27dd762a7b49ad1dabaf

SHA1
3091d6b24ee120e6c7c7c12b4a77dc6e084ea352

SHA256
c4abe68a254082c1d556a7eb3ebaf4cd1c221ccd11a1c27dc5e9aa09ac61688e

SHA512
d921545d0a96ec599606031e5dd95e4ca9b369eef9d3fac9f47360c995450af62a7de33379ff0701e4b3dbb7231a5df17514aaef9378651dcd30397be21d26ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5801ff.TMP

Filesize
48B

MD5
08e818a12f8fa6b54d972c69bc7ac7a6

SHA1
772513ff6cbc88573e05869fc0b8ac559a047220

SHA256
0fd664d8e4084c0eaacbca7229148e90877bdbc6db0dfe484bad3701e4f67f9f

SHA512
566f29fe77d2b856ee1c08917b074e3fc45153cb86d301700e0d26a201c7bb2827fc443b6758e5bd178958dad0f1e4f90aba83dcddedb3b36ba087e1f2e1cb43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c5af5d20f6f2607528a61bf17717dd46

SHA1
67d1a39ee3a64fb44021e69d48ddc72b8ac88bd2

SHA256
0606b78565656985f2d251af33bed0f4d728edfa59fe8b2009d88cc7220472ee

SHA512
c98a0b036d1b2276ec378f0ac2f8fd28f016b296a95a2548104008490d427e78864362de6c83b811019bc75c97dc5ac6d2b06d972ac8a46656550c8b9943622a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca44ec4a4fe7c66a1793dae528bbd455

SHA1
fea30f73a062b87c400c30a56c864901bfc94be2

SHA256
d45519676733bf1f63ce90bce65664ab3b75147a363583860671f887fe7ae1f3

SHA512
79b2745cd7d767d6c692a630d325f40ddda05be06e3a519075e1cb036c9019e3d45b1de1fa06cb8fdcbd4084edbb702479e8943063cb71aa4dce3173e1dcc7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
026bd39d45f955175f9f8b3baadae080

SHA1
df0d4d019e32252f91c4b0bc6cac1627dfc75da4

SHA256
b79999b41a0bb7a70733f1fab3ed79211ac62713e44a09c7102174e894c002da

SHA512
0716773d9bb6f09507aa4f36603f59203aba61caeb11117397523e9c9dcf84659591fac579bb6a530a4ea3b671d9caa2d166ad640cdba8d8d67fa4fc33fc5993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78e1b9f9eaf0f405fdd9c680710da4ea

SHA1
c657ae1adc44e614df2ccfd5158547c69852b53c

SHA256
bb25d9184e57a831c2bd881ac9ef860d299f987321b072b4db6a752c22992e29

SHA512
effd5f5469b59a411319efff5e19dcdda2391c5f7f659032c35aaa58c4e024a207cb4f16baf554357abb48bfc6da5dd977514c68e916d2a5e24de399cdfd61ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63e99786b31b9d639c21d0cbda796d49

SHA1
d64c34042f9389c52e229852960182cd39d3b5b0

SHA256
0b156821786330dc26f7c2f456417b8546dc4959d9cc2feefb6c1a8a3677a48b

SHA512
82d247e93ae4f79f391282a01d49159dfe6510d7e5d4ac13e83361d6235b34b932e75bfb7423257a1789ad995a8c0beb9ff876a6006f504e626413d4124adbdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e81e.TMP

Filesize
704B

MD5
9c9947bcc6df85e795ee2d8acdafa667

SHA1
8e355e33d8aebf8478edd2f7ee14f759e8553b9e

SHA256
8a314d10faa49963b735f208160f120f750884f24aaa88a8d9d2d393b14fd5d6

SHA512
6c89afe2f760361cb93e96015458a7635a717c2549a70325a3ca2b02a4f26b013ca93f3f200bade357f371e119cda9a5eb93e1e736525bd9b9788490a4914d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ed7b48cf38d94c37af367dfe2de2043

SHA1
5f1ccef5405bf42f81e265f429ed0afaa03a16a6

SHA256
e899e28b911d05cc207b85896bd1d7e755c277ffa2a1092f428863758d069e79

SHA512
ebfd8b8450dc82911003ff2491c565cddf7d24a08f0c46aee1884d07a9df3cb34a86f7cf0ed987684a318c40d7eb4f486172c4005e8cd4d8ccf175dcf8b08ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ab827f8a9237354f3f47d79d2a9a6731

SHA1
058e7a206a063345cee4f99cac4cc9dabbb201ba

SHA256
8ab948f4ad38688830a00d94c13e4d460c1265c8a4ffbe1bb152d8971541103c

SHA512
007359f9d8eabde861bef2566f6e149916caa44f4466189fc57979a5ac902c0a1675070b28eb8b74ec88d3d0693ef6ebe090359d820080ed5321bc589e852932

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\0PENM3.zip

Filesize
396KB

MD5
0038456440771da55ffdeed94e034f1f

SHA1
2036392a7380c093f7a78cbb41b10a11d0503812

SHA256
7af8c73b2a729dfbcfe1e872c4cc940e379fa975cf6641695b3560b8fb890d4e

SHA512
552032a56aa939d540211bc4decdd859c1211e312617c8b9cf7cfbec7b5870c5a44b24279a915313c0a129e5e00bb4ab5ad26a8790c6eaae72f0911b69023fa1

Download Submit
memory/1892-1212-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/2908-1172-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/3216-1153-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/3504-1223-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/4180-1127-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/4804-1166-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download