lumma | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbWxuNEdSR0JWRTBxY3JuMDdEUXBWNE9KM0VpQXxBQ3Jtc0tuVDdZMF9VR2F4SUZmZE13X0JoOGh6d1UtSVRhb040XzNudnd1cVhsV2M2V0R3d0ZoNUdTOThSbUlOX1RsX2tILWlVYmNfNy05ZEVBdVFTbmRucmkyVV80X2tPWmowbEk4SnBHd2pHdnIxbXVEbHRYUQ&q=https%3A%2F%2Fsites[.]google[.]com%2Fview%2Fexlauncher69%2Fdownload&v=3nYdJ7wgkpY

Analysis

max time kernel
449s
max time network
442s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2025 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbWxuNEdSR0JWRTBxY3JuMDdEUXBWNE9KM0VpQXxBQ3Jtc0tuVDdZMF9VR2F4SUZmZE13X0JoOGh6d1UtSVRhb040XzNudnd1cVhsV2M2V0R3d0ZoNUdTOThSbUlOX1RsX2tILWlVYmNfNy05ZEVBdVFTbmRucmkyVV80X2tPWmowbEk4SnBHd2pHdnIxbXVEbHRYUQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Fexlauncher69%2Fdownload&v=3nYdJ7wgkpY

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://inflameopooi.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 3 IoCs

pid	Process
1640	vs-game-force-sof.exe
2572	vs-game-force-sof.exe
4732	vs-game-force-sof.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
38	sites.google.com
36	sites.google.com
37	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vs-game-force-sof.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vs-game-force-sof.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vs-game-force-sof.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
540	msedge.exe
540	msedge.exe
3732	identity_helper.exe
3732	identity_helper.exe
2596	msedge.exe
2596	msedge.exe
4932	msedge.exe
4932	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
1640	vs-game-force-sof.exe
1640	vs-game-force-sof.exe
4456	7zFM.exe
4456	7zFM.exe
2572	vs-game-force-sof.exe
2572	vs-game-force-sof.exe
4456	7zFM.exe
4456	7zFM.exe
4732	vs-game-force-sof.exe
4732	vs-game-force-sof.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4932	OpenWith.exe
4456	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeRestorePrivilege	4456	7zFM.exe
Token: 35	4456	7zFM.exe
Token: SeSecurityPrivilege	4456	7zFM.exe
Token: SeSecurityPrivilege	4456	7zFM.exe
Token: SeSecurityPrivilege	4456	7zFM.exe
Token: SeDebugPrivilege	2968	taskmgr.exe
Token: SeSystemProfilePrivilege	2968	taskmgr.exe
Token: SeCreateGlobalPrivilege	2968	taskmgr.exe
Token: 33	2968	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2968	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
4456	7zFM.exe
4456	7zFM.exe
4456	7zFM.exe
4456	7zFM.exe
4456	7zFM.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe
4932	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 4472	540	msedge.exe	83
PID 540 wrote to memory of 4472	540	msedge.exe	83
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 5004	540	msedge.exe	84
PID 540 wrote to memory of 2680	540	msedge.exe	85
PID 540 wrote to memory of 2680	540	msedge.exe	85
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86
PID 540 wrote to memory of 2976	540	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbWxuNEdSR0JWRTBxY3JuMDdEUXBWNE9KM0VpQXxBQ3Jtc0tuVDdZMF9VR2F4SUZmZE13X0JoOGh6d1UtSVRhb040XzNudnd1cVhsV2M2V0R3d0ZoNUdTOThSbUlOX1RsX2tILWlVYmNfNy05ZEVBdVFTbmRucmkyVV80X2tPWmowbEk4SnBHd2pHdnIxbXVEbHRYUQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Fexlauncher69%2Fdownload&v=3nYdJ7wgkpY
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff997246f8,0x7fff99724708,0x7fff99724718
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,2186159896023028258,4846715483447186796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4932

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4456
- C:\Users\Admin\AppData\Local\Temp\7zO861414A9\vs-game-force-sof.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO861414A9\vs-game-force-sof.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1640
- C:\Users\Admin\AppData\Local\Temp\7zO86175A6A\vs-game-force-sof.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO86175A6A\vs-game-force-sof.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2572

C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof.exe
"C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4732

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
332179d85e67fe4d6fc1d346d977a87f

SHA1
364ee9a199bd22115ecbeb7bbba90de1183d7a1d

SHA256
3d29166b0e6fce80862068ac44c115c90bb931e159fffd925265ea13215d4123

SHA512
6afa9d1d834c53c0ade969e85788b8b87d54c2ea92992a62876318ba5c6857af474440f83b46da8fe6e3d57338db4607916a70d6a6fa74a1c9c136d0b565bbce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
385770af176470066e7dd757623d129b

SHA1
c26de689655443ed3c52a2a081efd4ae565824e6

SHA256
6204a33804f1a0705bd20717c588b7948e557416163549fc9226561392d8a259

SHA512
80fd02f4f73f94be558400c938d9186a9bbc8eb5c6508ed2b0fb7b3e2bc92768383a80b79afab2b3ad677333c70f2dd2a244892b118a7d0acc8b95c99d409e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
90d17cbb6fb9a89f4b37d0be085561c5

SHA1
f30e3918086ea5506a0b727eed8f89a506752289

SHA256
603166745c7706172377925364426d5594c87db53e5b6873612766bceebd8456

SHA512
0d6cc6980080a09c6b76b6812ac0b93d0a9ea4c0b85ff9214307b0aa06d4eaf92d6b7579b6d0230b6bb5622dc4525f576775da3f326f26a68acca79e7d6fd222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a6279d331d2fbe85038b2a55effc0d4b

SHA1
ebfc6a4d34372799b94197ee2efba4809294de8b

SHA256
1b5c9c3627dcb3f6bbea3c7110a57d926dfeccef9693d292e81fd3a6ff2ef12b

SHA512
ea30d378fd21d826ff4ade7bcb668ee64b85f59e0a462e5363c950770d832e2c36d846c4245107a66efea509ec8db7e12118a11a52db43eeee51f90d3719d222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a0e1ca88037de0c4ace04bf2b02b9860

SHA1
ea8b2ec6514e22bc084dbe7b32c7a67197ff8d74

SHA256
cf0bd35e92fa1aa7e55132fb042b5ca0afd56f707afd35a4b011bc4c055a9bf3

SHA512
3d0c1ee560533a651bc7e1df9a7ccf0e05257547ccc5fd0abde245104cac96d0db73486af3c94c877574dc34a756f4736ddf76a0b3967b716c6bfa94d6c805ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2fb259af2e6f2bfa23c050af354539c8

SHA1
d4de43c5fbeec31137a1f3bf9c9a06a8c7754acd

SHA256
8e6858b947599141f1b2b00f5aaa1a1743866b7d9ba35c62d70251a39b381c2b

SHA512
4518ecfac2479c8ec71a6d44101851df34f2f57210a6ec878bb9f1951c64427b8526d68da6f3a6a41f53270f58f248455621af43ef305a2e06e9b4c27a3fc65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eda3081f90546e60e7630ed50aef71c3

SHA1
d4e3c1410c09b7d4f8cf78ea8a3d87a394bef76a

SHA256
9b3f34f378c215c72e9e75ddc7554200783e79db4692b7bc1317f6fd73c6e3f1

SHA512
60e74e5fb63d692761d61a42157358ee1daffb8628706bf3f08a503842f8950a87e1ad39ed650b48ac802e2078b16ede505922746e0a63e5af2d2d14d91c240e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b61956aa6240fc6e56392a1f90524749

SHA1
2246493146f54f3144de858a96904d248ba96f54

SHA256
ea970d0faed464c86ecac5193d5a5bd4f2dd7ca41e2ca87791ba7e4484f69767

SHA512
6480385317f8986c51919fdb6cc40482268c292cacb67daf8bbbf751c1825f4f35d4e28a023bebb4fe13352ced294d8adddf3380bbf8664f3d9461dd497f1a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fab31aa418bf8c31531b7dd73fa3bb62

SHA1
339f7666789db5d40682ca1630736ea54db1ee90

SHA256
4f62d52ceb98a85099d98e1cbef01c9a9c6dfe5c0d2d9d69fe771131f60c507a

SHA512
b6514ebe8f8e2ffacfb16bcc3b4667cabc270227a4a1eaf85bf2e6cf57015edf2a805111aeb95cd35637d0895993cb48c888401b57f0ae671b43f101f879270c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ccff7400c5fde4b96dece079e5426b1

SHA1
8518f7fba4d1690c7b88f3d9e31cdd8e0d3f3c49

SHA256
e8cfc10a6cc35b749954cd2c7ac0693fd6b5c95628e2746ecc5bc51c66a6fad0

SHA512
4fff15aaa468b8e1e50a559ac79ad5dbda5832deb4692ffc98d1370327f6d4248fb1f6d96ba1c8f7f0f61dbdfd4b53abacd949313fb49a825d5049f5353e4d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f0123a0c8776624fa02eeafd93840ee

SHA1
f0f019cace3e098fd86e821f166331af0faf061f

SHA256
c338184cabf8186ca753bc6c62df2e976a987da147185e84e6658fc078643c9f

SHA512
a395674c731448c42546923fe2cfd49efaf6f99b0215f3315006640c90188f717ae5fdbe19572e5b623b6b18da0d654a940947229c692dab171131cc315b8ac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70d5a1b16d6b7243a61b4838c9b6b2e4

SHA1
566daffd07009a1d8981ddd0aea86dd5aa93fe1c

SHA256
f204e6860dd28ffebac656c806d46065425efd129426eafdb28eb04c525b1527

SHA512
7a6e91f97ec1c80b4857ebe87ff73107527b5f08cbf14c37c1fd44552c35502b89ae91c9a862f8692825761df051ff5d6c9671af515ef9d225ba423e0c15f26e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e2ecca02654886fce0e7c75b0f6cbd83

SHA1
305a114981c35ec286635d03a26266e42c085319

SHA256
ecdf2cd2e524de93d7316421bd5e21b1cae26e5dcb85b36962aa2cf7aba80c97

SHA512
2e70fbe7c4d982ec87b60382345d1c09ad0173238147f0c5cd9caf387d4dbc5e194d028a14106f9a6b31160d43528082345171ac79b7c6ee5ac4e556d0bb4288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
b73c176850f16dfc39e7ac41d99deb7f

SHA1
10391f5573a9ddd9c660c28ec8b8e61659e87596

SHA256
c26af5e1969322ceb1bfbe5e074ecc78841bc74d8e6d50fdfea46f7e23bcef0b

SHA512
d41e5cc09d7ba59a7142247bb550f425f3cfdfeeb4e5ae9b692daded31150307c49d2b831b95fadb34712c308f78228b6aaecd1d3d3ed92706f18dbd6fbc794b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
792366ef5d68300829eeb53591afe610

SHA1
dab6b4532265b511aeed95227b17cd92fdf696a4

SHA256
6079a53eeb0343bb3f1bcac05c98907c78fead963bc7c22fa2237747939823ec

SHA512
eb77b61485e55c5f11a124c9d0669bed3d8e0657ba7369be73fa629d7e0e3f63506e31763d17e09532ed62a547969421460930e5fd8c67e6cef17cc8fe874ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5829f9.TMP

Filesize
204B

MD5
1ad162b5edf53276bfa78f99edef1666

SHA1
a528290bc7d08f25fa524d8ddeb69d6d99befa19

SHA256
07c6f8bf977b0df3681fcb99be22b7e30a00a2f25eea666d84324a22e6dedb28

SHA512
56019db0191d8071314f856bbd17579abafd35e156c348e9d175169186566fec26080f511b80769ea06018eeba72dd73585049d735c33719bda9d59680ef0e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0c9abe5539803fcdea369df57bc67b1f

SHA1
a49da93cdfdb678a14f2830caed9d31fe18ae6c6

SHA256
c56c84973fc7363ea438a88336333c82a7ecc8eccaee139a719407d11d85156f

SHA512
e3f4771dea62a963987de80a14545d8573128d5c58212ee9d75002f0ca269dbc823f5a985692909f320d27081ffcdb81e566dc645558eed7820370323e151da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9233ec05230e05e436d93baea42e2a5b

SHA1
0210b390ba8e3cac1d884b38cec5c33562bc9dc6

SHA256
c91414e259fbc43e618b5d0cb49827a3d83091624392931c15b7f8f4a26f0a64

SHA512
fdb29a918e38f2c7d6f2db1a5ae541a8578cf81d7c3b6b5c982b041b68fd3001e5727c75d643de08d16810a98f8dd0355e30d98adfb8768a506f44bec4895b13

Download Submit
C:\Users\Admin\Downloads\777bd10e-5ed4-47b3-a2f0-fe36779cde2d.tmp

Filesize
8.4MB

MD5
6fe73c8cc8c7b5d5817022c53779d547

SHA1
16a8c5c1bca86b64a7e90823f19af40bfcf1590d

SHA256
dfaca0b7dffb83c75470cd4e018fdfce420f6c2880c84c652ef56b8d9fcf249b

SHA512
32828ab2fd1f60e6cf1825c5bc710bb3962b684f69d2d47915ff40356a9ee595620ac96a175e9002eb70d153efb019c4d213fbb6a23cdb39d53c2071d22faa18

Download Submit
memory/1640-618-0x0000000000400000-0x00000000007AA000-memory.dmp

Filesize
3.7MB

Download
memory/1640-628-0x0000000002630000-0x0000000002680000-memory.dmp

Filesize
320KB

Download
memory/1640-632-0x0000000000400000-0x00000000007AA000-memory.dmp

Filesize
3.7MB

Download
memory/2572-636-0x0000000000400000-0x00000000007AA000-memory.dmp

Filesize
3.7MB

Download
memory/2572-641-0x0000000000400000-0x00000000007AA000-memory.dmp

Filesize
3.7MB

Download
memory/2968-649-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/2968-650-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/2968-651-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/2968-655-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/2968-656-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/2968-661-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/2968-659-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/2968-660-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/2968-658-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/2968-657-0x000002545E960000-0x000002545E961000-memory.dmp

Filesize
4KB

Download
memory/4732-648-0x0000000000400000-0x00000000007AA000-memory.dmp

Filesize
3.7MB

Download