latrodectus | hxxps://github[.]com/NordVPN-Crack-key

Resubmissions

15/03/2025, 15:46

250315-s7vllaxsey 10

15/03/2025, 15:34

250315-sztpbswzhs 6

Analysis

max time kernel
276s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2025, 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/NordVPN-Crack-key

Score

10^/10

latrodectus lumma discovery loader spyware stealer

Malware Config

Extracted

Family

lumma

https://hingehjan.shop/api

https://featureccus.shop/api

https://wmrodularmall.top/api

https://jowinjoinery.icu/api

https://legenassedk.top/api

https://htardwarehu.icu/api

https://2cjlaspcorne.icu/api

https://bugildbett.top/api

https://6latchclan.shop/api

Extracted

Family

latrodectus

Version

1.4

https://remustarofilac.com/test/

https://horetimodual.com/test/

Attributes

group
Ferrary
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Signatures

Latrodectus family
latrodectus
Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Downloads MZ/PE file 1 IoCs

flow	pid	Process
362	380	svchost.exe

Executes dropped EXE 2 IoCs

pid	Process
3624	Setup.exe
8	Setup.exe

Loads dropped DLL 20 IoCs

pid	Process
3624	Setup.exe
3624	Setup.exe
3624	Setup.exe
3624	Setup.exe
3624	Setup.exe
3624	Setup.exe
3624	Setup.exe
3624	Setup.exe
8	Setup.exe
8	Setup.exe
8	Setup.exe
8	Setup.exe
8	Setup.exe
8	Setup.exe
8	Setup.exe
8	Setup.exe
4256	msedge.exe
3708	rundll32.exe
5688	rundll32.exe
2248	rundll32.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
135	href.li
132	href.li
133	href.li
134	href.li

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3624 set thread context of 3568	3624	Setup.exe	150
PID 8 set thread context of 5276	8	Setup.exe	153

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-la.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-ru.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-sq.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-da.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-nb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-as.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-en-gb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-hy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-sv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-uk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1652860194\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1210213301\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1210213301\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-or.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-te.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_492801051\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-de-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-gl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_492801051\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-hu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-pa.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-pt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_492801051\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-kn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-mn-cyrl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-und-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-af.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-ga.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1652860194\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1652860194\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-ml.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-bg.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-de-ch-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-es.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-cs.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1652860194\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1210213301\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-mr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1611619828\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1210213301\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_68162091\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-eu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-hr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1652860194\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1611619828\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4256_68162091\well_known_domains.dll	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865272086409235"	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920955164-3782810283-1225622749-1000\{1101630A-F634-4AC2-B10C-66BB7DFD65E4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
3624	Setup.exe
3624	Setup.exe
3624	Setup.exe
3568	more.com
3568	more.com
3568	more.com
3568	more.com
8	Setup.exe
8	Setup.exe
8	Setup.exe
5276	more.com
5276	more.com
5276	more.com
5276	more.com
380	svchost.exe
380	svchost.exe
380	svchost.exe
380	svchost.exe
380	svchost.exe
380	svchost.exe
380	svchost.exe
380	svchost.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1252	7zFM.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
3624	Setup.exe
8	Setup.exe
3568	more.com
5276	more.com

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: 33	3604	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3604	AUDIODG.EXE
Token: SeRestorePrivilege	1252	7zFM.exe
Token: 35	1252	7zFM.exe
Token: SeSecurityPrivilege	1252	7zFM.exe
Token: SeRestorePrivilege	1384	7zFM.exe
Token: 35	1384	7zFM.exe
Token: SeSecurityPrivilege	1384	7zFM.exe
Token: SeImpersonatePrivilege	380	svchost.exe
Token: SeImpersonatePrivilege	380	svchost.exe
Token: SeDebugPrivilege	5268	taskmgr.exe
Token: SeSystemProfilePrivilege	5268	taskmgr.exe
Token: SeCreateGlobalPrivilege	5268	taskmgr.exe
Token: 33	5268	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5268	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
1252	7zFM.exe
1252	7zFM.exe
1384	7zFM.exe
1384	7zFM.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe
5268	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5876	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 228	4256	msedge.exe	84
PID 4256 wrote to memory of 228	4256	msedge.exe	84
PID 4256 wrote to memory of 4452	4256	msedge.exe	85
PID 4256 wrote to memory of 4452	4256	msedge.exe	85
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 5448	4256	msedge.exe	86
PID 4256 wrote to memory of 2940	4256	msedge.exe	87
PID 4256 wrote to memory of 2940	4256	msedge.exe	87
PID 4256 wrote to memory of 2940	4256	msedge.exe	87
PID 4256 wrote to memory of 2940	4256	msedge.exe	87
PID 4256 wrote to memory of 2940	4256	msedge.exe	87
PID 4256 wrote to memory of 2940	4256	msedge.exe	87
PID 4256 wrote to memory of 2940	4256	msedge.exe	87
PID 4256 wrote to memory of 2940	4256	msedge.exe	87
PID 4256 wrote to memory of 2940	4256	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/NordVPN-Crack-key
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffdf0f9f208,0x7ffdf0f9f214,0x7ffdf0f9f220
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1860,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2324,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:2
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2524,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4796,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5072,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5632,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5632,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5844,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5592,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=3416,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=3544,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6428,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=3576,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6360,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3848,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=3832 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4148,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=5124,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=5208,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5196,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6276,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6636,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7080,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3484,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:8
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7280,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7460,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7504 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6568,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7852,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7556 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7860,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8008,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7476 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7864,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7872,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7324,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7944 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5860,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1304,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7596 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7752,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7772 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7004,i,3872714572149116867,6552268543799092801,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:8
  2⤵
  PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:364

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\♦•Rèady•Fîlè•PassW0rd•Is•♦101515•.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5876

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\♦•Rèady•Fîlè•PassW0rd•Is•♦101515•.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1384

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3624
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:3568
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4216

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:8
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:5276
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    3⤵
    - Downloads MZ/PE file
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:380
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32 "C:\Users\Admin\AppData\Local\Temp\1DDOP7XC5T38Z96RH1B6FUZVNF7T.dll",Editor
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3708
    - - C:\Windows\system32\rundll32.exe
        
        rundll32 "C:\Users\Admin\AppData\Local\Temp\1DDOP7XC5T38Z96RH1B6FUZVNF7T.dll",Editor
        5⤵
        Loads dropped DLL
        
        PID:5688
      - C:\Windows\system32\rundll32.exe
        
        rundll32.exe "C:\Users\Admin\AppData\Roaming\Custom_update\Update_94e37919.dll", Editor
        6⤵
        Loads dropped DLL
        
        PID:2248

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1210213301\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1611619828\manifest.json

Filesize
118B

MD5
56decbaf515f574521f86e481e880496

SHA1
cf86b7e930bccc9168458b7202ff89b50a41a8e3

SHA256
4aa32c5d74a694c56869211d6ff4a3d61334b9b61659dab631eb6c285416c608

SHA512
669804a28a9e1adde2e259c2a0442f2d8c054908fb1c382db27d6f08353f1d8e3ba495ac18ad4746aac4d19eeac67594f3b2b0789a607ceae70c445d07ba3196

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1652860194\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_1652860194\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_434449165\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_492801051\manifest.json

Filesize
52B

MD5
8c32b9f390fcc4f061885661dbe797bd

SHA1
c681595df03f9f74ec600e70069c879daf2ca923

SHA256
1431c36e66b4fc53ca74e9b10ea0213245631ad7543fef183a8dd2720a5b4ab4

SHA512
e8bbde18d5de7fe2a8162951d3fe75460efbee71afffb4c0c22f2088dee146fb6bfcccae18d4955608e60a7df716eeb47c0687f45344b45130b368eeaf316418

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_68162091\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4256_744285212\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c37f9d2c357647fca20f2eaa89c18edd

SHA1
cfd1035ed2d057c317b48546f467209cbbe15f2e

SHA256
2ea3a0b7e6145fd110653b1a77cb827ad7e4a145c29378344bd3d28f595b2072

SHA512
3563f4aca9e47f35de8cb38e42a3c0448bb3ec4c9183fa392abc28fee4ca08bf16da028ffbf31cf0c0f8301ed810238961e745590e5c71621bc5a2a889dd12f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
07aef025bce6760ad5302823b60452f2

SHA1
11804d3792b9a571765039f0d0e14522a7f46263

SHA256
2a58b9ffaaea8b59f31802c72bb7db04869b646b23ba0d726c81f4454459ddb7

SHA512
c0b0cf8c42a77b78cc18509e969cb9e3f5868f1565269982e30168d2b2735b6cf3c27d20a00070738309a88c40bb54371372d03c1b7599c4fa52f39662ba06e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
352B

MD5
8b3ce038676ed20839999dd68f57b9d7

SHA1
e13a2e54e3e577f5d8df135448f2445ca142f5d2

SHA256
56bc52b4c1625a3b4e7d7b86a2c678b7fbf59a5506f60c3ec6b9554035e2c67f

SHA512
7cca43cf9be1fbde18bf422fededcc18afd7387007abc963b309527ee3629338055e0dec1a2c038e33106dcc906ac9c911b9c6036ef48df9f4f8722b563b3f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
268B

MD5
c638f289aae2e9b970b72a60d88048b1

SHA1
7a76108525775bc327d9ece7c49e8d7f4c6b7f1a

SHA256
ebde9e6ab03d99acb822947b5f615418ad882936a57843f5eb26613e6dd739da

SHA512
2405049b2ac031cb802c40a72c51b2bc19a595cec3197f5e48fb8a53e902ba910d754ae006b018dd587dff7231b278a5fa2829151dc1d5e34412c18c233742bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5ea417c110a992fffcc6b6ce5993c0da

SHA1
80fec693d1f95b859824608b2bce6fb6ef35213a

SHA256
60b090d75587144b3a642cdd1434d8f3243e62e27652073b53a7ceb0c8d7f505

SHA512
f647ede41397a5aac785510bc0bf125db366b55f3cc7ccb8b4bd822d77db141605c0baff3b44e8651235022ad18f81e3481fb02378f826878b73bbe2ec8897c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58ee72.TMP

Filesize
3KB

MD5
94a1f319a228cbdfce0792bbcfcd9b44

SHA1
5e6716654cca419976ec4852f36c7ef4d2fb3c5e

SHA256
95a663cd7c33b7268807179d889b4accee304a553e5e33fb57a4e6f2a4a0af59

SHA512
6484b89eddf37d2ed2ef196b9ed19196754e5b10c89c11726c87409a105c00827e62d19c13a772f5110adb385883a974799012472f2e3b3114f0b9f92d520b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
338254971871a491dad2f1c0dd55ba68

SHA1
b5f601d53ea44e3de51d2203e41c7900a5a952a8

SHA256
11124d8e5392cf3ae61bde5c65f87155d8f6394abb4b0566f70ede33f014f4cf

SHA512
c5a5ada299b8cee70c3063c49b7f1d6defc0b27a391843305d42128da691d0ea2bf31dd84a63e58655baa951c5bdb7ddab0fb2eb2ccd3b39251f7e3f49853048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d6b105c2f141edc5f2885131b76a5361

SHA1
718752c490f99bd33fbd9e79d1456b88cedc32a9

SHA256
cc604e1447addecec7a3b17e80ab2d49b63dcb9a64bffae6ca6716cca4538ba7

SHA512
07194c9c2f0d58c8ffbbd13655d1a1a2a8d145aed01eeba1426de6ada856f3ed2392273a6f5de37ad56e89c234a9e57f8e7e3848a6e654c086932850fb3de3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
885450d5908a3ef7e319bfac06158b64

SHA1
3899ec3dbf73cab1a56558f0e342cebf48096a97

SHA256
71d77fceba6e6bc4bbba8d2d5e35797780379d7d5f590bf1408bfa24c53dbc04

SHA512
67dd3187072cc53432cc72adac2aa553984767a613d2c1d9ce8317e4d33a19d16e7dfd053d82ed3247b2f0ca08f0a6d0cf90dde3d7398bea015c8eb3894208be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
ec0c25e58dc790d1cf48b44705a4d356

SHA1
5af1d929c25c1adee290a0dbe3da243a2f980278

SHA256
5439c3de84e4d4f4587d8b639746c6510465e0209283bf5e799bcba449f2cd5c

SHA512
0d8c68265a9adb9c48b685d95493db68c62e41570a2eeaca494106e382635d2b46b24eeb6bb88c43ab931f4a2757ba5f806f7bac46db180ef2ad2d88d46c6fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f1da760e2aaccc1529dbbacd8fefb1f4

SHA1
99df1f66f01da95a6b22801fbeb91225c138370e

SHA256
259933cfd5dc6f86240a6558efda7e374303729769568c134ce926c066013fa7

SHA512
e76003ca68e886641f2484a7af43e66648e8096151064a7a51ebc218a48084254c31ddd199d1a92be122ae34d148be88307a7efaa3006b617b5f6a50c11a8abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
ba19e864e2f4698b5565e58bcf488926

SHA1
86ba261e6e6c03849c56225d3a9fbc5ccf6cf95a

SHA256
b29609fe580be125a0580e9054ce0d883b55b5b011e21cb9a294544cb14d16db

SHA512
5d26cde39e1495ea9f417d5402b7b16f63dc25455d5b397012f46b55054d1fe9e89974d00b6d45e8af09c18cf7fde845e8ab0bec10389085dc362f3e4e7b33ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
8185685125952609b296d28909f6aabb

SHA1
74755b25bc22cebd94644eb92297be96833fbfc3

SHA256
bb0b9befd191b146516815d82e1e69256de1c997a378114db34562ca024dfd76

SHA512
cd60020708edc6bbe250a51e9ad41153b7c90bcb7e9ae825f1b7d0c0c326abbc56a60eb43923c895bd243946b2d40cd70697c66e3e3b5b783a5455cd20801183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index

Filesize
1KB

MD5
d3b8fd07c8197a19b9cfb38e23162b56

SHA1
670cfbfc701c0f9b8503ccecf6154e13223e7442

SHA256
b7e86b83c9bd137f1dba3ce18d225dd69352f988034efaf223f11f459fc88b53

SHA512
37b224afba90ea827ed92a6505b5cfdff67d5a016846cec59dcf4edfc5c2200298ce87de8567f70422a8b70204dcea5054a232c90d0fb049ad46739fa86a3db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index

Filesize
2KB

MD5
85d4040538999ce7ed7659787644d3c4

SHA1
482d90aaa770731d10b5949dc2d2c8ac7ccfddcf

SHA256
7c8f31a6166a7ab9161cf0d9b2e4b51eef8ec99e2ac431704b471582af37ea20

SHA512
e1b9dd48705a70f10ba7db7d6ba2233f21a91cfe9af3b417be5ed90d7cc0aefed39714ad27fd8c3b5da546aa01e4d65e56ae53bb70367d432f2a4ef70676aaa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index

Filesize
1KB

MD5
3fe1bc4417dfcad5419a513ef39563ef

SHA1
4ef27ba8c3b6727941f637124525ea3c6e8bf497

SHA256
e007f0b447e47a699c59d5e80cc86bfd8f488be0031b1e1fb11279fdf14f04fe

SHA512
4a7b16d97a9339d57145b8368862a8a7066bd9bd54262533a36349127c71648f0e561276ca5bab5435dcc931f796a4f5c8709bdf6bb77e9251333e9583736c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5a386b68-8558-4f98-9bcc-00977f37bcfd\index-dir\the-real-index

Filesize
72B

MD5
0c4b68fcff99bce01858d6be85b381b7

SHA1
953ebec0a3736866dfc10d01bd4ebae7ec9cc749

SHA256
4d059accd8a34ed49b9e8fa8117ce087415e64ad4de4c263cfff5b669a9d1f13

SHA512
99a81c7e20505bc0ab50e0e4e18d7e8e143e817d6df3aecf99fad29f7b3ea5410cedd928103d5774e75ebaf6303ca67fbdbc876d67e8bdb6765e43a9cc534a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5a386b68-8558-4f98-9bcc-00977f37bcfd\index-dir\the-real-index

Filesize
72B

MD5
3ab1a78893d5cef5fee8a060ca424fef

SHA1
8fc18f539e024bbfad1929a0d86f8cb651f852ec

SHA256
5e1e7643464f2d4242d2f02183ddc58d41baecf2163f94d6ab56924dfb7a1d5c

SHA512
4d756a071b3153252f77ef22aaabed44898090b452de889a02dd00f135a20fb3925c48be111f461fdbc742628e83cd5dfbd7c8b25308bbaf6735fcf4c760e25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
a40a67064be69002b22becbb232120ab

SHA1
5b85b9a5c2e02874401f72d27d5232174c6771ac

SHA256
52c59ec9c5bcfa27aaf929cae549b10b427b3ca55e95ab2d4dcd85228146c999

SHA512
17ddd9bbc4d43f13fd5e61ed13782b6e73e500b9cc113e215f53ba9dda7085ca84f8d2bd0ecf17d43921a8a22d1b2e9ba1aa4033b5bcb6bd0000d764e1eb4b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
60ec56ea7d490f69bead9d807d354f2d

SHA1
297c494ad7afd2bf2c61de62421e35137bd08f0a

SHA256
5a03d46e15e7380938891b316549d5ff503ccbb867593eecef70965af46415f7

SHA512
15f1521be7bf448c788a70c894764f3634145eccc888f4758877833b331dd48db817917220967926721d1ada827d2333f43b0bc6931bd725643dac253cdc429c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58dabb.TMP

Filesize
72B

MD5
1afa43d1191abbffa560593d6f869914

SHA1
03fd35ef10b9d6f24ccbd4e50cf45017c9e13c40

SHA256
2e3a3726d4eb629e2d49c254f667c63fede161465d6f36e7cef9ef7093e1f21e

SHA512
9cc3af0d82c75f050bdd253118ce0e6ce0ccada27d0b8465fa3d9b82aac802347b1e138a5bda1a350ac37444f7a947b1392269ff99fe20de0850d60a74ae5cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
78604cab0f5f17ff3e7eb364cf822581

SHA1
8008660abdb25076025b094deefdba7273e04f2d

SHA256
ac5a778d9d714e417c6a1bc39bff4a945812fa48cbaf3a72b7ae7d4c4539b803

SHA512
db7ecf768b802b7885f18823879ac43422e03350e0b64f2e120cfdbf51505f5d089ae7927e91a05a3f71085e302ecdad31f0767970ee8b6278878e1eb66872ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.9\data.txt

Filesize
112KB

MD5
fd8717bad7cd0f60163e7c2b05210aaa

SHA1
1dd620b2a4b49d16a63d3b73495bbb0388cbdbc9

SHA256
d5facea6ed705ea08962d52a30ebf38f6d42aea50a7af21b103d0388b7dae34a

SHA512
7b3d3867977b04efce86c5cce45ae0125d25344fa85347a83977faaa9ecd205774a976be63d6af48b953b4ca355405aa090d6db482073f77d71607c948acb5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
4669a83e3d6023a129a4c9325243d498

SHA1
355fc8154220eb3fe6937d0aa02e9ecd8c53c07c

SHA256
ac2f611bdce5109a76896f8ffc3d637b2051ca92dc975da44d413b2c86ce7164

SHA512
c42564ac975cc8cf3ac529e89d1fc5450fa3615a82d4fd4c201d4ab6460762e6b095755fb82bb42ef9d40c50a5d9fd495d35f8daa062c06c157fd1c9b7c55b72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
6c365389221be58233c97fb0682c64b7

SHA1
2b0ff6b5174ef095a4e49d3644825550f4762b58

SHA256
b8e4c98ab068ab211d700f70cda9a6186bb4b511c35926ded2b96cd790f23551

SHA512
8de1f862c52e181853165fe92b54dcfc195c8eb3b6e1e83f366be8bfd9b8dc11ba46200046606db19122d1b4f3ebe5de41d1bdc00d85d1028bfbc367bf15c99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
20f9c7350aaaa27091d87eb200779dae

SHA1
d50ed2f406d36b66d2b4a129a6a6a620baa4e379

SHA256
e4324be625cea85e48ae0e439efd5daa61980f5eb3911514cfe3f777d5e0399e

SHA512
729a01cf38a8859f2f72efacf4046d649f41fe663c32964b808578f3f0e77cdb84ddd5c8cb226824f889998ed1b5c7a9d0d0b2c8b78db332bb789080979bab36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
6f1356056feab46e3448623b4e961c5a

SHA1
120022607d62cadc3c4a1e8f836df603b7444d40

SHA256
8f1a50f9db13500c6e8863b761ddfb643ed425ff4c7329b7110d768058d75750

SHA512
bd0d2599a2ae94c6456f5501ce225b87e238234a7ec5aacf50aa57904abb7b02a271fb183c62eec30d8d937431d24cfe0de52545caff4c47930000e80f2d41ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
71195a639c6d831bd5348e79a0785981

SHA1
856fd2d60230522e89ce42c9f99d7693c68dcb72

SHA256
48e849b4bd2ab764f4a9a43c659a8be03bf7174f6e185da9d0b5f352e36d4324

SHA512
73d06607b9c2cbf71969cd2112a67d76a832c805d441d29142d3a5c1d8a88946f9a004a0bf2899f0e2e98be658726f013400c302b109793b6c730106515a9dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4bba4fa514bfae4533c192a17b12360f

SHA1
6eded4e8ab1a8f298cd2ccb6138a56420f91f7b8

SHA256
fc2c899bacba6540a6126cf9662a79e0d1d3b9806568d2287d84235efc3f42d5

SHA512
608003e46c009b63d9ff3c9fc54dd16e64fb9cf02dcac31aac748e2a03332f98a519a4c58432dddb261a7d4ed61461013179d589716bcacbaa3bd6cf6e8969c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
be0fdaf067a787ba59e81c9b90949fef

SHA1
c7f8004c71708eae9c7ffc9e0bc94ac0b90394dd

SHA256
6b88b30cdcd70428b55b2451cd4895d32542024c1f7e6b297a6425cc0f91ab12

SHA512
cbaa6c66ac3f7d90933cdb333478f1d0c5a5e1d815a8df6340776bcfed8f9cc538ddfbcf433102a26ed01df8bcf60d4e23b66e2dda8d8c47bc4aa6c71295fb44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4fbd11ea92751b851aea2e223b500560

SHA1
def25f568f2e17712f742b2f4c449593a775b570

SHA256
4fc12e641efbcc23dc4062b3607f5a5ae3b9720eb6679f2d2e12631e0b56e20e

SHA512
b7b1625f537b6e46f81021a2daaace7c1811a3fafe3de3a273c49fe1145d82961846cfe0e10789ff5770159bb437d12ee3d08434ff1f130a81c1c6175f6ca585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57dd60.TMP

Filesize
392B

MD5
b6bd93ec3ef75c35bef77c19244cc26a

SHA1
8b2861f0289dcfba4e1951b2bdbfbaba7f9f2cfe

SHA256
b1b12c5086e9a012cd21c996b045260893bb22f0bb4d8bd96e2f6e4c8a4c9b36

SHA512
36453774d573cd567618a2278d8d7ebfb0fba4f05995eeb107de2768e019d4a61b50b519cbf70742da7cb830e02eed1dd5a80190041e13189a5d892ce14ad32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.15.1\typosquatting_list.pb

Filesize
631KB

MD5
ad013f0723d332e26a9101a81483661e

SHA1
a3db6536228681288dbf39d4a94d2d8f11e77d3f

SHA256
96fb259d4c8d3ed7d7c657b6aecc8ccd2b0730b11244a83499c0d8dab91087d5

SHA512
b2c700ac36657d288cbe0bdbbe7856299d6af24e00fce8f9d78434ac2f10fc82f9399b03cd5995817721a0d252976f99424062e5b79d0281d8163aa5af330f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c6562feb-6f4a-407a-816f-51f527d19ffe.tmp

Filesize
392B

MD5
b096001599360b3f0e073c6804c18435

SHA1
2401737eca91a38f3983023447cc2d0f4f853746

SHA256
f83a59885b8632a41baad4f5c8430b61c60735d01babbc2aaf1250efbc40422b

SHA512
6032bbcbe5feb97b3e5ad043eba2ea3d21121bfb0ac34cf26290fe7ecb994fc4fb7301de05296bb60ecae160253f5bf3510fcbdc9ac1cc7c666fb799a05ac084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
b6c938ad4e1c90c8e73e4f368151f506

SHA1
51d1c19fd3686062a96d378ba55d938503c1092e

SHA256
c438b5f9282c43a9f611ebb192cf4c1c6b57552f53390faf06b7590dbe9f4866

SHA512
d2bc48ce55675d64b95b59f4540962171ac2909a9fcc9f81e5bc9d9fd8469b666cfd5c95ecd31ce6974c985f62ad88548b6461013fec727cc3893db78ba5e5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\d7f54c2a

Filesize
1.1MB

MD5
be919f9f823e06155f3d563ca9dd32f6

SHA1
5ef3ac12cdd464df9e6e3664cb7a98196f1ad6df

SHA256
82bd9c591ed54cfd93f450221a7486ca37295b02a5044d93ff87ce2b0b0fd16f

SHA512
acf0deaead10ef75d752e1021d6d7ce88d3c6aa71882289ae0d0b185b63ba54e09c16a865234c96f3e73875f55efec34f57124a11780878bd48c80199bb27c8b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Comn.dll

Filesize
349KB

MD5
f76f5a566cbb5f561d26e7aca841c723

SHA1
4838fd2dd9dbfcdaf2b1f11091f15a17f93c29be

SHA256
0576fc3b0c9381c47a8a9443abdd195eebb34ece0adc5c6d17624ca0e914e8e3

SHA512
9f574f09a4c54b8e786846297fcfad7af647eb134d8e960b078a83e982ccae2956aa6c4c1014c01c7774461e31314904cb6dfc325c7a90c3e31130838beb24c0

Download Submit
C:\Users\Admin\Downloads\QtCore4.dll

Filesize
2.3MB

MD5
03985b7b207e63b6bb894ea6ea78d92b

SHA1
0e6fc44b1f3c724e6050152d9e240a548314a6ff

SHA256
793153a9262e4c280a71ea595fe49208a89766d6d344766af0abf8c32648f3e0

SHA512
a2e9749c7d7c9745eb16b6976c6c208b3ce2ee524e958cf7c41d0d31a7fb761c4f66ad8320301c652ef4ea8128111ad9687e64f3944d40b933153d99ab8c272b

Download Submit
C:\Users\Admin\Downloads\QtGui4.dll

Filesize
8.2MB

MD5
7762990562f96b0650da3c55e3329efa

SHA1
feac520d4484a377ff4e183bfef4f6a843e3a977

SHA256
8c11f38ceb7b2a8ba3b7d6a34a1d50ede35bf328838cf1d8483ebc85313b5ed0

SHA512
4921c40ac1b4202185a8a712fd8375cb9653df411a0124c7b3225c423bae0de37713107e7068d7b3fb7150af3e1d754565694dec76ef5853c020088af61a634a

Download Submit
C:\Users\Admin\Downloads\QtNetwork4.dll

Filesize
825KB

MD5
a3c0c0b1442cdc0a2f49c2b2ae39d245

SHA1
6aff3d64e06955fb9ad4b19c394dcfdc212b423a

SHA256
901fc44992636086f2bc958aa3bdbe2d9ac3e169fc11e0f9d92d235cc906a35a

SHA512
b4bb0196ab8a960206b7f1d082eb7d94a408345a2887694d17186f3a2581e9263ddd43d099f2493ee8789ab5ebabac911ba54c069e517cfc479461b1a7bb4f20

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
341KB

MD5
7700f61beca60db53658c52a05b01941

SHA1
983f920ffec60b308c02cc07e0abf465c8ba965a

SHA256
7e6b2664f4417f5a8f981ced5f2eef867cb72bca990fe3864d76d878ff62cf52

SHA512
33e68f2b2440079a75523f69d55ebeb175f1448731d28ba1a120729df3e1612231903c5a9872ab673d629e865f60550bec52d7004417f0305e412724dc8011d4

Download Submit
C:\Users\Admin\Downloads\libcrypto-1_1.dll

Filesize
2.2MB

MD5
832205883448ab8c689d8a434d92f80b

SHA1
890c403a288c65683edbe9917b972ceb6eb7eba7

SHA256
558addae67d50612acd60a02fb29d41be61999d299348df9a225e419cc9395ed

SHA512
0c1b8b3776c14b78f9b7ac09627ca7762f62c63da489204f376519752b029951798c1ed24aed07cc660c5e54936c06560fda921e33a76e80ebab10ef97177973

Download Submit
C:\Users\Admin\Downloads\libssl-1_1.dll

Filesize
641KB

MD5
cdbf8cd36924ffb81b19487746f7f18e

SHA1
781190c5a979359054ce56ceef714a8f5384cfbb

SHA256
0813c77df688b39f26bad0be2b3e4afde13e97d9a1ebcbdb3b1f4184218d1a57

SHA512
ca43450e853b3c74808ad199abe329ac2a2d7ae2e84c17fb467374c22ec9620fb102c75889e279e2d28f0ebd14d8bafafe700241ba4141fd64b4801802a3d474

Download Submit
C:\Users\Admin\Downloads\mam.dmg

Filesize
931KB

MD5
ee7926dda58f07906747bc936724aea7

SHA1
5133bbb7df2e07443d7c6521e878366ae115e28c

SHA256
fb617ba0ec74d3e258caa81f90160cad38b6127108adcd1a1ea08d1c95a2d1e6

SHA512
4ce28ba95b0de21f3baedb66a63b44bdfc540350855752d94c84ccb63f138035b0352725c9c744aa64d19dcdbf794afe69712b7ca49e67476378a60829aecd7c

Download Submit
C:\Users\Admin\Downloads\msvcp80.dll

Filesize
536KB

MD5
272a9e637adcaf30b34ea184f4852836

SHA1
6de8a52a565f813f8ac7362e0c8ba334b680f8f8

SHA256
35b15b78c31111db4fa11d9c9cad3a6f22c92daa5e6f069dc455e72073266cc4

SHA512
f1f04a84d25a74bb1cf6285ef705f092a08e93d39df569f6badc45b8722d496bbbef02b4e19f76a0332e3842945506c2c12ad61fe34f339bb91f49b8d112cd52

Download Submit
C:\Users\Admin\Downloads\msvcr80.dll

Filesize
612KB

MD5
43143abb001d4211fab627c136124a44

SHA1
edb99760ae04bfe68aaacf34eb0287a3c10ec885

SHA256
cb8928ff2faf2921b1eddc267dce1bb64e6fee4d15b68cd32588e0f3be116b03

SHA512
ced96ca5d1e2573dbf21875cf98a8fcb86b5bcdca4c041680a9cb87374378e04835f02ab569d5243608c68feb2e9b30ffe39feb598f5081261a57d1ce97556a6

Download Submit
C:\Users\Admin\Downloads\wellbeloved.dbf

Filesize
25KB

MD5
6151d95a66c763f2ae00c6e8928a4826

SHA1
858f4c3e3f848c4832b8776b1166170623404982

SHA256
fa216c845e5dd3d89bf6cd128f617ea7a51d092ac5ca1bc26c964b83fcf06592

SHA512
fbf1cb4cca5fb534ea3a64bb261cd729f211dc7b16ccc67c5804d41634be56e159f48885d2f9ca227641e921e6e8e71b643e631e6a5e80f7dddde8ddac40f66c

Download Submit
C:\Users\Admin\Downloads\♦•Rèady•Fîlè•PassW0rd•Is•♦101515•.7z

Filesize
8.0MB

MD5
753a97b227c8b79933b6cc8a0fd33e44

SHA1
54c63f334264edd6fc68bb861c196ad47952d58d

SHA256
3aefc1a92cf07f3ed307ebe21ff45ff2a4833c636b7bb62e45ff016f29d0960c

SHA512
a11167e136b08007b5647b5ee9467ea673e40d281cc71c83229e838068c193a26d3b940839b9d5f29d66353705144e9e5791d1d73b65dc412057f8a35e092972

Download Submit
C:\Users\Admin\Downloads\♦•Rèady•Fîlè•PassW0rd•Is•♦101515•.zip

Filesize
8.0MB

MD5
f2dd33de24f4e98dda3bb3da6991199a

SHA1
de79c4d92d9b54b5fc8bb3e32235844412a9a237

SHA256
7e3b5496e7e4feb113d2e4979492a1f5899891f786a0cd4e04ecac6fcc5347cd

SHA512
228e8ba236d4e49828ffaa7b93d79d35239bb483ebbc325275aa33ffc998fca53e12924641f3c616c61ed98edb4543750cc2e90921bc19b8b2460862fe9c5b2f

Download Submit
memory/8-1632-0x00007FFE0E830000-0x00007FFE0EA25000-memory.dmp

Filesize
2.0MB

Download
memory/8-1631-0x0000000074E00000-0x0000000074F7B000-memory.dmp

Filesize
1.5MB

Download
memory/8-1628-0x0000000002110000-0x00000000021AE000-memory.dmp

Filesize
632KB

Download
memory/8-1644-0x0000000074E00000-0x0000000074F7B000-memory.dmp

Filesize
1.5MB

Download
memory/8-1630-0x00000000021B0000-0x00000000023ED000-memory.dmp

Filesize
2.2MB

Download
memory/380-1689-0x00000000001A0000-0x000000000021E000-memory.dmp

Filesize
504KB

Download
memory/380-1690-0x00000000004B0000-0x00000000004BE000-memory.dmp

Filesize
56KB

Download
memory/380-1669-0x00007FFE0E830000-0x00007FFE0EA25000-memory.dmp

Filesize
2.0MB

Download
memory/3568-1620-0x00007FFE0E830000-0x00007FFE0EA25000-memory.dmp

Filesize
2.0MB

Download
memory/3568-1643-0x0000000074E00000-0x0000000074F7B000-memory.dmp

Filesize
1.5MB

Download
memory/3624-1600-0x0000000002320000-0x000000000255D000-memory.dmp

Filesize
2.2MB

Download
memory/3624-1596-0x0000000002180000-0x000000000221E000-memory.dmp

Filesize
632KB

Download
memory/3624-1617-0x0000000074E00000-0x0000000074F7B000-memory.dmp

Filesize
1.5MB

Download
memory/3624-1603-0x0000000074E00000-0x0000000074F7B000-memory.dmp

Filesize
1.5MB

Download
memory/3624-1604-0x00007FFE0E830000-0x00007FFE0EA25000-memory.dmp

Filesize
2.0MB

Download
memory/4216-1664-0x00000000004B0000-0x00000000004BE000-memory.dmp

Filesize
56KB

Download
memory/4216-1663-0x0000000001000000-0x000000000107E000-memory.dmp

Filesize
504KB

Download
memory/4216-1651-0x00007FFE0E830000-0x00007FFE0EA25000-memory.dmp

Filesize
2.0MB

Download
memory/4216-1650-0x0000000001000000-0x000000000107E000-memory.dmp

Filesize
504KB

Download
memory/5268-1714-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5268-1725-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5268-1723-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5268-1724-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5268-1720-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5268-1721-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5268-1726-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5268-1722-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5268-1715-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5268-1716-0x000002B27E0C0000-0x000002B27E0C1000-memory.dmp

Filesize
4KB

Download
memory/5276-1649-0x00007FFE0E830000-0x00007FFE0EA25000-memory.dmp

Filesize
2.0MB

Download
memory/5688-1699-0x00007FFDEE720000-0x00007FFDEE8F3000-memory.dmp

Filesize
1.8MB

Download
memory/5688-1692-0x0000000180000000-0x0000000181CB2000-memory.dmp

Filesize
28.7MB

Download