lumma | 0f6481dabf7871823f259eb95f3b85c37d1de8a7d1884ac77a97d887cf96f75d

Resubmissions

14-01-2025 13:58

250114-q91jhs1rhp 10

14-01-2025 13:55

250114-q76bzszlay 10

Analysis

max time kernel
184s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2025 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TempSpoofer.exe
Size

393KB
MD5

3c4161be295e9e9d019ce68dae82d60a
SHA1

36447fc6418e209dff1bb8a5e576f4d46e3b3296
SHA256

0f6481dabf7871823f259eb95f3b85c37d1de8a7d1884ac77a97d887cf96f75d
SHA512

cfa2d491a5d28beb8eb908d5af61254ac4c4c88e74c53d5d00ae15ef0731df1654304199996545d1074814c0ea8a032957b28d70774f05347616428e667f70e6
SSDEEP

12288:ndoOphZgRZGJZzu/aeZjl5FeBTCVpgTfR:ndl/QZGTuHhjFe1C3gt

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
4392	TempSpoofer.exe
1620	TempSpoofer.exe
6332	TempSpoofer.exe
5388	TempSpoofer.exe
5096	TempSpoofer.exe
5200	TempSpoofer.exe
6616	TempSpoofer.exe
3264	TempSpoofer.exe
5368	TempSpoofer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
120	raw.githubusercontent.com
121	raw.githubusercontent.com

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 4244 set thread context of 348	4244	TempSpoofer.exe	86
PID 4392 set thread context of 1620	4392	TempSpoofer.exe	187
PID 6332 set thread context of 5388	6332	TempSpoofer.exe	195
PID 5096 set thread context of 5200	5096	TempSpoofer.exe	199
PID 6616 set thread context of 5368	6616	TempSpoofer.exe	206

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempSpoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempSpoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempSpoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempSpoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempSpoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempSpoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempSpoofer.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 294577.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
872	msedge.exe
872	msedge.exe
3892	msedge.exe
3892	msedge.exe
5892	identity_helper.exe
5892	identity_helper.exe
5440	msedge.exe
5440	msedge.exe
6504	msedge.exe
6504	msedge.exe
6424	msedge.exe
6424	msedge.exe
6860	chrome.exe
6860	chrome.exe
6860	chrome.exe
6860	chrome.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
764	chrome.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
764	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 4244 wrote to memory of 348	4244	TempSpoofer.exe	86
PID 764 wrote to memory of 1552	764	chrome.exe	106
PID 764 wrote to memory of 1552	764	chrome.exe	106
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4072	764	chrome.exe	107
PID 764 wrote to memory of 4424	764	chrome.exe	108
PID 764 wrote to memory of 4424	764	chrome.exe	108
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109
PID 764 wrote to memory of 1532	764	chrome.exe	109

C:\Users\Admin\AppData\Local\Temp\TempSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\TempSpoofer.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Users\Admin\AppData\Local\Temp\TempSpoofer.exe
  "C:\Users\Admin\AppData\Local\Temp\TempSpoofer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa078bcc40,0x7ffa078bcc4c,0x7ffa078bcc58
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2088,i,4665967054425087237,15632108883267750756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,4665967054425087237,15632108883267750756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1868,i,4665967054425087237,15632108883267750756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,4665967054425087237,15632108883267750756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3396,i,4665967054425087237,15632108883267750756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,4665967054425087237,15632108883267750756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1100,i,4665967054425087237,15632108883267750756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x98,0x128,0x7ffa041746f8,0x7ffa04174708,0x7ffa04174718
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  2⤵
  PID:6920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:7080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6653938525538345340,1239062417722551736,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3cabcef6h1e87h4567h9482hf2d25e0d233b
1⤵
PID:6220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa041746f8,0x7ffa04174708,0x7ffa04174718
  2⤵
  PID:6252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3979191334829494598,8896366668513328127,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:6492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3979191334829494598,8896366668513328127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault240ea2c0h53f9h4cfeha6b9h0a29d2f93ae8
1⤵
PID:6556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa041746f8,0x7ffa04174708,0x7ffa04174718
  2⤵
  PID:6572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,12512608590572712117,16735544850907366187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:6692

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:6796

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:6824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultf12299e3h8b1bh4e93hb185h3755b9ca925f
1⤵
PID:6436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa041746f8,0x7ffa04174708,0x7ffa04174718
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7278838247664533345,12078665585756050186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:6412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7278838247664533345,12078665585756050186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte85d35f2h82a2h468ehaac8hc30dac3df8e9
1⤵
PID:6768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa041746f8,0x7ffa04174708,0x7ffa04174718
  2⤵
  PID:6828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6628810831703191301,16012534790220865539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6628810831703191301,16012534790220865539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  PID:6408

C:\Users\Admin\Downloads\TempSpoofer.exe
"C:\Users\Admin\Downloads\TempSpoofer.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4392
- C:\Users\Admin\Downloads\TempSpoofer.exe
  "C:\Users\Admin\Downloads\TempSpoofer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1620

C:\Users\Admin\Downloads\TempSpoofer.exe
"C:\Users\Admin\Downloads\TempSpoofer.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:6332
- C:\Users\Admin\Downloads\TempSpoofer.exe
  "C:\Users\Admin\Downloads\TempSpoofer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5388

C:\Users\Admin\Downloads\TempSpoofer.exe
"C:\Users\Admin\Downloads\TempSpoofer.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5096
- C:\Users\Admin\Downloads\TempSpoofer.exe
  "C:\Users\Admin\Downloads\TempSpoofer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5200

C:\Users\Admin\Downloads\TempSpoofer.exe
"C:\Users\Admin\Downloads\TempSpoofer.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:6616
- C:\Users\Admin\Downloads\TempSpoofer.exe
  "C:\Users\Admin\Downloads\TempSpoofer.exe"
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Users\Admin\Downloads\TempSpoofer.exe
  "C:\Users\Admin\Downloads\TempSpoofer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
ee7244162ab5ac39a950a7b6354296f5

SHA1
fd0a1efa9ec6ac44df56f18d585348237f8ecb29

SHA256
470e7c2b2d12a733f6ecf4efc38a16dbd0156c2c511693cb01df0fba62a6d2b7

SHA512
276cbf620a044fef277c5cf72e7da6e86d8982550a8b859fd6fc4dceb2ee7360cc8521e569904d8f83f54e548f971a23c1ef271fd94ec9f04cbee88483424424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a9d45b8dfd9084f5740bbbbe9a9fefb9

SHA1
574ba8b7343b0c4eba2a8cb351d6290d98772638

SHA256
b2bbab47f6b37b8ff51023fb42f6510acc30499184ccfcfb73c60d16ab0a3517

SHA512
8c1c019b336be5cda795c2672b63168cf4a03be6e059edfa369b0b9008457d6b64536e9294b4a3566ec2b95a8a893623fad43f3b4e30b1cb1012543d31083b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
551aee7db92f796169597e3d898e0f0e

SHA1
59cf42fd739c651ed84f91cd54a26029e6905230

SHA256
5a10645fa7d73af735afa94d6d8f79cb9bc82f9b34e143aa3c76045fb86217fd

SHA512
4e3a45ffc5d9cf4406b90a6c7a71122c7ebafe85d84b07777ba7290f25c77f1eaaa0ef5b3f3fb39dbb972f728df148d4d12ffb495d501a4833a563bf2f49643e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
688e918e89ea7541cec696e2b0996467

SHA1
6e23c35d9e979c3e92d446be95fdfe4053b8e8f6

SHA256
72c2fb5f862077c329d6c02e19c7060c366fa6b0a2d63853b445a0d3957d54db

SHA512
01b369dadb52dafa3a5e4f7bb4eccce338e360d2e622ee66a6a37fac37ab34aa9e5c9d59e442ef41e6abcf753946be7934f418e4e231597ddce93c1b96b549c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
475eb6b2c4601e6e53ac805d6a504d45

SHA1
8dc39dbb61be3a5890e57149bd44198c20eedb45

SHA256
1f2b4ad7bf5158abecd58a23ec28ef7f06cda93f89bf22dd3005a61da710a0eb

SHA512
731599b7dc97956bdc5796782666eca162b4376b1a261e4c5cb5ac2137427d24f6c461e3dbb90298f0da05574696e81bd29dd9e6856a3374b866fcc33e941f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05373812c93a27643d1a96b19b34b4ec

SHA1
7006467a7d50125eb67ca18ed53570981da988bf

SHA256
f6ccac16b468c31755c7286e361e51ca5f19420319c59e27244fb8e0b5ae0adf

SHA512
ccfe92cc823e065bda8c7e62cc2568499f0d93312af3634ad3897a2dc545db8b3973acf6c6dabc2af7401a7912efac8ad14a960ce69bc109666010dbd70f013d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aed4e3b8a7b42d2c8aa9efa03d87255f

SHA1
929ff1c47d1910e0a3e2ea0fd00f5f122be70004

SHA256
7acc2319da5d98ce26695000708aabec0c44f0242298b4562e5c2676dfdaab9e

SHA512
df64bae2b5c14acf3974a37f743b437a57ef0eecf379819f732e1285252b88555b5dd5dfbf072b873217e4f49b658ad3e6d68e7e08084d0b8e7afaee5e6a0fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5bd84090fcfc226dbf2d87de6dc3dfcf

SHA1
316ff314f10648f1f9e376a919a0934b72434260

SHA256
5b31aafa0b2eb173fb0cda28cb7419737a4ad3e2bee151c0d206ff5cc99cbc23

SHA512
d1896f461a0c270d1384ddf32fc0f4c7bd6c8ef1a2a8cfabed56374386babb3c0d6854c5d47593e4734ed3737f78e6a9223433b5cee531ad036713162cf312e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
febec84c7e37920b3f9d94234f122b18

SHA1
119e22e767ba0fa1fdcc9c61c475e1852ad8decf

SHA256
7715db33386719a8a0bc5a054dfcfdc62a9b73d1d49d5a8a40714bd33945f097

SHA512
b1f46728c6a1ed1dc3e6f0655a743490cd8b6f5450f0cd7edd1601b03ecb4c3627f2a065d3ec853b745b8f0cadaafc50ff04e98f595f2df2df3c0cdebe01a19e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f93903c71557261f891bad7ac3fea9a8

SHA1
10c1d432c9bd8ecfac96005aff4affc22649f835

SHA256
686bd0bc7896e2cbba0575a2dee513bc8adc39d34502a668eca8e9fdd0016a19

SHA512
dce2799946f261b26d4fbd3eefd61a05be8955d253960379bb9ad0c9a20d6d57d4cbec81a9b5a8b2b2aae5e5875fabd6c10833eee9e30db5fc09e1ddfb70e1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4dc1006808ea2078b8a7c6bcb079d97

SHA1
58e447584061479f347dc1e855ee82b1bc4c0af7

SHA256
2f674d2b591d65896a4f2e9bd1c9d1109936f8a28ec59a4a3e2dfc815ff89bc6

SHA512
cdd24d0339cec67a0ef23ea7e2c0583e4c9c5fcdc745ef297fd6c5e072c5bfcb8a345272c81c3d633b9bf07a3149924d06d3f480628b237b979a59d7c3ddcb9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22fc994dc5a6beece6a62e2bc42838e1

SHA1
debe197f8055e19f143210c1729501a979fe9c80

SHA256
cc6e383bcdb4f23e0205f4f2553de5df74ffad1e7462496b4356c340d68b3a7d

SHA512
8e639bde1029d4adc96a378e0dcb31347114ca3f8438466b3c1edcc177ed145971b57bd54f3f1f4648cc605e09184d36482eb50f9dd470bc5434213098428f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a658eea5-542a-462c-b386-bf18cb19d04c.tmp

Filesize
9KB

MD5
2db0f3b4f2355d3ea7162c8f8eb4825c

SHA1
23b73fb66a52625204619bf6578738dfa02a7be0

SHA256
58318a63df25ea19163d4a33d96cfa5ac3116baa25d9db4666446703db496799

SHA512
b446685290518441e61ddebc955b50d7f59607e3b1f12bde4d8132b3e715b600c148a28987028595355e1cb6b48b18924d587b7ea140d2ee03c070c7d654daf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
01ca28990efd57ca9faea9f7560ae6d7

SHA1
00ee5b9cb0675515dd218b5d0bcdfd98d3015952

SHA256
452fa482f2311512a22b418729911d8631404b9b1d7b64659016aeca07cde284

SHA512
51f0192a6361fa8b9d802b8ad0b59b639321d0ae47a6c3dc792ac91d82691da9038fd89ebae5c49e360c24ea0439f00f1b81386be11c10363eec53fcc5cd54da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
98e0442cb2ce33831189a59bebddc674

SHA1
b798e345c01fa323705792a5448f7efd1f41d7db

SHA256
1e16bea3adf771412313c170dc7caf6f003de675346d7da2741d0d909c66ab3b

SHA512
f4e1c61a356bb52699d3ede578e674271b05a7b1f721f07ced37fbda720212fc2a96b251ff2c600e1aa21f5dea528c6dbee1137e164b8268049d291cd59738d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4a34e7b8d20447396b65b7c1e648c68d

SHA1
b6ef3745aa59bda7ab4bb7b134eb1d73754eee80

SHA256
6f4a125b8a6f0775d8735cf23c5b67f05bf083a0c810e3a0d728b9e4c5933c1d

SHA512
3c8055ca9b2e0d096f7d24d1c65fe89a7fb49b23047c22e08d5fc4a0a7dbbf63bca46c29ccbd02df1a28ae2c11db8dd8c57f6bde82738323833f43e6d7c94252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\80cea365-a593-4f28-ba35-9852acfd52fc.tmp

Filesize
10KB

MD5
408d5ca5f3dd81ca6d297007f1c87333

SHA1
98c27331b20a510b075052f511a65607a116021a

SHA256
cb5d4e41a758483fa4f929712ba4b35eb28390719fc4b822724563472d9becf6

SHA512
ad91fdd9e3b8472c5ee3654fe143eceacbd812985d09bf8e6700b2a04a9421c4177b87dee71039e0d8c98847a613c3854b19763496ed7bcf592f4296db8faecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e3b416dff51ae4c43d04dfe53a1cfb93

SHA1
ca5c9dac3fe3c94ebaea963626bf0682c074f8c1

SHA256
dfc8600408427b9d6c23235af513905c9154530670ce75ded3cde42bc7df9993

SHA512
cd7432270e7e154cf4297139bb40af4239dcba456aaf8b1c8ca8ce8b9228dc7f3f2f9833aa54e583af7f98c2349ad1e6c8bfb71cbe0be4fc3b11c11e6825d02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
637bb1a02e76d05efb9a2015b602e35c

SHA1
219bc46b8532e8cb57e687c8dca32c6987da37d0

SHA256
cbce373432fa17352ffc8ef27ff241f3b1e606c7e0b03b235a3b3c779c35dc35

SHA512
beddc55a4d300a2de7f26925d8744a9d8a7e35ac6939154618f02a8f8a0a105089f2154f0c822938b19c4bccbae188ad42d774e24a1ce0298156c6a8ab26b7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bf2509d2e739db36dcd5d01a09431815

SHA1
16b863551083f728849881f221dac67dabb73858

SHA256
fe5a40c6673dfb187ea7adbbd7a9137f56a3e40b40690466b9caf0b4b7f8c111

SHA512
be221396de95bae3a1444bc396edeef26589dcdf1eda2e4fce12fa0b0742f4511cdbe67629c128941a80770687ae30a10ac7e5f33036ee885d7245d5a817f645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
95ea72d44fe31ff6870ba94c26571b6f

SHA1
5ed2aeeac2e4a5123af56a4f62a767712202713a

SHA256
9d1856adee4f280b7e4f6483e185ba9819640f5cbacb29a9bcb7d68f17ce84c8

SHA512
a89f69bc3c8cc4e2d88153e54abcd8b4acd41dfae014a7e2a3be54d7c95fbaf8d43b62347a9c6c9ea5e889d5976470620c676fdec6f19b9ddf4d3d9207787b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8508d24c05a4d4c18f9a28be8db88f8d

SHA1
eecb759a681e2b0d8fa679a8ecaa781013b2a687

SHA256
edeab857ae5ca3f840ffa7baa79fe2524e99014f2d82d354a7fb36146399b8d0

SHA512
9cbfc79d16b25296091b6fe42d2e6312b26a21376d4dae0cbe2675d3adeb94273840cbbf0d990237a899e5c7168ce46036bc57b143660233fee214842dbc3b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
970B

MD5
80d7eefcb90e598423f30701a39298ca

SHA1
12a4b432ab45581d201805fa94ddcbb77671a3d9

SHA256
6931b350b4d4e409841a9b1cb14809ef49e0ba60b0049c3ae2023e2d19f5f268

SHA512
47adb92c46e95f4d29cd3746086002365e40dd7d617aa8f9e7f54b24c01203d6624076b83ec90b11f808dc9a21e853ab02150e9c19be755fa26a74dea57857b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
970B

MD5
10e036c709cfdf38d9118ce8e2e8098f

SHA1
5428db46a0c70cc64ff46d3cf840da07446eda04

SHA256
28dd88360f04512d3180cd003b3d6b982181adba50bc19c9b19b54a0781cb30a

SHA512
3b74d933cca567f2d5e46f0af34c01a18d873bb19290d78e6d5132f0aa5ec64a51a9d9799ec368ccec4b08402fa23efd0085654dbfed4fd5b2f564f7ad29100b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d8f729a2db982c7243c1dbd80c6ff22

SHA1
0f8908ec3af10d1ca20e46e9a4ef0d48390b5e8d

SHA256
a51f69d30fe5599df3dd745ff4df0dfc737090c0421b7e571467a30d1d243515

SHA512
83bbdc7220a1b48df627bd515bc3589b6daac1fec6712aff4d1084e7e0f21d4ec3e199ae8c6229b7fbc8675cbed7afab9e719939404e1e453870d8b9f7bcf876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f16dc6e3ee19b119d6a9cc026128bbb

SHA1
ce11605d1067fe3728b8f0d252c07f1c2057fce9

SHA256
3e6beb6cd0cd15a5dd4c8212320c5e1fba6c8da77f04f3ad5630a0ab7738b8f5

SHA512
c4328e6d33c745131ee3b5c3d484bb48a4b64247ab2c386fe9cc856784d1531a629773e4dc89270494759fdf6603067d4345725d831c9a826b4b13fcaa8f051e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e6b4a54375a536f2e5aca5240ae474f

SHA1
e9769fa1e01d32d205aeb9e6b68f1949fd794a64

SHA256
3b05334b3339ebe46da1f426ea4acbf4b35063c677d1561bac2f4831a44ae090

SHA512
59fac60b96d669c262f66327f060d20f8c5137f967b106d912c88d0411230420e4f7c8b227eeb66d069a455160149aea1aa393e2582dcde32ce8d4c919b18334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d89f242661b1a843c32ffd27f3839ecf

SHA1
b96a9797a826803c53183895f906a42ab7d3bb45

SHA256
92a5baad1e2b81189c93106ecfdea8a4203464b85fe4dd76eb64590a1f5d2e90

SHA512
f9f074d03cc2ec82d08811c90890aeb3c2ad32c0d9c6c4e146f0b62623b6213b8dcbc36e79ba951d9b81174d4c7542975597cc39ce75433013a1f214550c3ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fe5d0a6ce90756d487d0055c4daa549

SHA1
588d5a96b1fddd10fdefa6fa71720d6379b34a17

SHA256
1a457d3ee8b021ba4835c4bf9aa10808aa9b65abe0bed9dbde3e0e01fd595e60

SHA512
8ffb9d72ff753f12a498f206c513d9cc87cdd5dbcbcfd4201dd292de316e3318f10db522bae1e73e2a7ed95fa4b7032531ed0834f3eaddad6919aa45b789447a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588299.TMP

Filesize
1KB

MD5
398c9815a68ed8ff92afa61559aae0e9

SHA1
48b148b1ae83a30036450fff6c781f986f2f2776

SHA256
6c76e7c6f40a122d0f31c793964b0c38e327916356fcac6440f7c555c9beaa4f

SHA512
c6f4f0160e30483ee51cb60cc9da5c9705f4c292cc24cfaaa5d3015f6d9719caa94de8378cc6c9124f05ff456119a57c23b970f22d5d76433a1713b48dd61262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cda90248bd14e559ad4a9ba78dd88c3b

SHA1
55d141337bf14f3f4f3ae6b0d1be87cb266e5955

SHA256
e1380d6469816eb24c95253164f34065210ed6b4bcee998fdb1b45d3d146852d

SHA512
7849ba5797b3a6976826a6636127aeb68d708b57437f185f23e5bdbeedcbf08a3e269bfc7cdcf4b9fc12e7d61205a54cd5ed09779bdc36d67efc81a308b5aab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
14246ee52eac6a329eb00e04a2af859b

SHA1
9744683e64d7dcd26fc9c487cb7cf5bc199f2332

SHA256
b2a36c2013ae8ce2d1fbecde726350bd9a67c4a5a3d85c294cf078570e58b76c

SHA512
0bebba400641b00e825176d2542a40446ad8be5cf55dd95e572cf473f2a2fcb8b0ec52fa4a95a1fa528d9e74321e5f9dadb38b7411310da272dbd2dbdcfa168e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
61b622f2e5e4d216d08e8e378667c84d

SHA1
07265e2f348d4e236eec1f8346ce8a48152ece63

SHA256
7c15ce00095452de99472b9674ca921ae7e4d1db8467bac2bd63732ca10152c0

SHA512
5a981e8fa13d16bcd4eda3d1adc4029203f6d8bfbeaab915d49d093dd37db8b955126610af613bb443051b60d7972f64ea06aac4f7cecd3809b8f067e997e420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d450907912a897a4d4becc4b3392b50a

SHA1
dc57822df9c83aaf77d4a6538a55eeefc6380441

SHA256
1778f6378b1fcdb7f36bfdf01d01ed7410e759038df7159ad63934487d95ee5a

SHA512
00730d762c552eace70fa23569d296e408738cd38127826ce16db1a20f0a80ed85b11c7eb1102088860a012e46d5f82a363ba78f2f0d153ce18694920fbfe502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b2fd1cf502a0bf24f5f583034376fd93

SHA1
9793d5068282d4c44bc18ac2c6b2c3105b6fae6c

SHA256
3f6e9a1941143c0b2770681a49c06f3430cc8945058b58a3370412ec9f831840

SHA512
3d03ce7a5937d76ba01af557fb2ac33755b3b3c943a6e646b1dfb491acf2062e652e286b47960f8801f9cecb009efc8de8776d3db43dac908e64739f2e0f849a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
afea6c8501eebd00670793c873609f24

SHA1
7ab6d3e79f036ac62a5c2e7bdd3eb83512ea9c9c

SHA256
c22e8094ba18adea15db52d13e5627c094679b26fffde1de555216731370e3ca

SHA512
84be3de748b6e12987c482a220dc647f9e0fda88633ff0c04cfa5c5074932751c7b1e4fae6fc7af9af4c796c9426e6669e1333c7f224eeb98c69ced9f4a1418c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5fb29f319c0a9f473202319849ccd52c

SHA1
d8b0a905fc207479658524c14127c21da7986594

SHA256
ccbb2494443a2741a63e4eafb11a08f21df3d4a03ee5852c801083661d8e2722

SHA512
65dbc3ef86d5402808af495bb1a8b971b5a5c406325404dce74a0304db155acf8edc75a9f43a9cf1254ab7b9756f05c1c4620d376b6dd8e527b7512ac5c91c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1bbb1f86ce51c92ec7a9be5be0b67d2

SHA1
ad7b92d5639ff0394d5e9515e7c7fef561602b58

SHA256
cfd8a3ddcb9095c17e41f6d0de74228dd96d879ca504b789e6a8f2c7ec216d2f

SHA512
7c380e3675cb3b0ccc0bc9ccd6d54e8f3514b6d311cf2805f65342ef333d8cf1b8ff1bb7c7da292c00cbf6bb3f69b51abbbd24b3671858bcde73db32d1882b42

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 294577.crdownload

Filesize
393KB

MD5
3c4161be295e9e9d019ce68dae82d60a

SHA1
36447fc6418e209dff1bb8a5e576f4d46e3b3296

SHA256
0f6481dabf7871823f259eb95f3b85c37d1de8a7d1884ac77a97d887cf96f75d

SHA512
cfa2d491a5d28beb8eb908d5af61254ac4c4c88e74c53d5d00ae15ef0731df1654304199996545d1074814c0ea8a032957b28d70774f05347616428e667f70e6

Download Submit
memory/348-4-0x0000000000C70000-0x0000000000CD8000-memory.dmp

Filesize
416KB

Download
memory/348-3-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/348-1-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4244-0-0x0000000000C8A000-0x0000000000C8B000-memory.dmp

Filesize
4KB

Download