Analysis
- max time kernel: 150s
- max time network: 175s
- platform: windows10-2004_x64
- resource: win10v2004-20250314-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/03/2025, 12:35
Static task
- static1

Behavioral tasks
Task | Sample | Resource
behavioral1 | luminati-proxy-manager-v1.519.10-setup.exe | win7-20240903-en
behavioral2 | luminati-proxy-manager-v1.519.10-setup.exe | win10v2004-20250314-en
behavioral3 | $PLUGINSDIR/SpiderBanner.dll | win7-20241023-en
behavioral4 | $PLUGINSDIR/SpiderBanner.dll | win10v2004-20250314-en
behavioral5 | $PLUGINSDIR/System.dll | win7-20240903-en
behavioral6 | $PLUGINSDIR/System.dll | win10v2004-20250314-en
behavioral7 | $PLUGINSDIR/WinShell.dll | win7-20240903-en
behavioral8 | $PLUGINSDIR/WinShell.dll | win10v2004-20250314-en
behavioral9 | LICENSES.chromium.html | win7-20240903-en
behavioral10 | LICENSES.chromium.html | win10v2004-20250314-en
behavioral11 | Proxy Manager.exe | win10v2004-20250314-en
behavioral12 | d3dcompiler_47.dll | win10v2004-20250314-en
behavioral13 | ffmpeg.dll | win10v2004-20250314-en
behavioral14 | libEGL.dll | win10v2004-20250314-en
behavioral15 | libGLESv2.dll | win10v2004-20250314-en
behavioral16 | resources/app/README-zh-CN.js | win7-20241010-en
behavioral17 | resources/app/README-zh-CN.js | win10v2004-20250314-en
behavioral18 | resources/app/bin/cert_gen.sh | ubuntu1804-amd64-20240508-en
behavioral19 | resources/app/bin/cert_gen.sh | debian9-armhf-20240611-en
behavioral20 | resources/app/bin/cert_gen.sh | debian9-mipsbe-20240611-en
behavioral21 | resources/app/bin/cert_gen.sh | debian9-mipsel-20240611-en
behavioral22 | resources/app/bin/index.js | ubuntu1804-amd64-20240508-en
behavioral23 | resources/app/bin/index.js | debian9-armhf-20240611-en
behavioral24 | resources/app/bin/index.js | debian9-mipsbe-20240729-en
behavioral25 | resources/app/bin/index.js | debian9-mipsel-20240226-en
behavioral26 | resources/app/bin/lpm_downgrade.sh | ubuntu1804-amd64-20240508-en
behavioral27 | resources/app/bin/lpm_downgrade.sh | debian9-armhf-20240729-en
behavioral28 | resources/app/bin/lpm_downgrade.sh | debian9-mipsbe-20240611-en
behavioral29 | resources/app/bin/lpm_downgrade.sh | debian9-mipsel-20240611-en
behavioral30 | resources/app/bin/lpm_install.sh | ubuntu1804-amd64-20240611-en
behavioral31 | resources/app/bin/lpm_install.sh | debian9-armhf-20240418-en
behavioral32 | resources/app/bin/lpm_install.sh | debian9-mipsbe-20240611-en
General
- Target: Proxy Manager.exe
- Size: 152.4MB
- MD5: 79c381e5c588aaecc5a27376d2d793c5
- SHA1: 35a507343bbf844b396040b582e2043a32c940f3
- SHA256: e27c19cf29a0137d87a197816f911b860d9bf4b619d5a3d94933f748a0a215b8
- SHA512: b3bd0aa138c030dc0a23a5f7bac96801564ce39feb95b0902270c58bb0ef255d098f61524481b033e2a08ecc8d568d4bf14fdf79a1ac76eecce51daf44bd3384
- SSDEEP: 3145728:5AlI0l58YCVP1sItzMSliLdO2tIY4fHKDxJUA0IzYNBl3:cslNliLdO2tIY4fHKDxJUV+YNBR
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
flow | ioc
73 | raw.githubusercontent.com
75 | raw.githubusercontent.com

Checks computer location settings (2 TTPs, 1 IoCs)
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation | Proxy Manager.exe

Enumerates processes with tasklist (1 TTPs, 1 IoCs)
pid | Process
3108 | tasklist.exe

Drops file in Program Files directory (12 IoCs)
description | ioc | Process
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_278077751\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_278077751\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_1807188301\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_1807188301\protocols.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_952204283\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_952204283\nav_config.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_952204283\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_1807188301\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_483707409\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_483707409\office_endpoints_list.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_483707409\smart_switch_list.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4524_483707409\manifest.fingerprint | msedge.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTPs, 7 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Proxy Manager.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Proxy Manager.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Proxy Manager.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Proxy Manager.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | tasklist.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | fastlist.exe

Checks processor information in registry (2 TTPs, 9 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | Proxy Manager.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | Proxy Manager.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Proxy Manager.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | Proxy Manager.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | Proxy Manager.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | Proxy Manager.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | Proxy Manager.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876391925805288" | msedge.exe

Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{0FDD5A6C-526A-4118-BF08-692598F05278} | msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
4672 | fastlist.exe
4672 | fastlist.exe
5176 | Proxy Manager.exe
5176 | Proxy Manager.exe
5460 | msedge.exe
5460 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid | Process
4524 | msedge.exe
4524 | msedge.exe
4524 | msedge.exe
4524 | msedge.exe
4524 | msedge.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeDebugPrivilege | 3108 | tasklist.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe
Token: SeCreatePagefilePrivilege | 2848 | Proxy Manager.exe
Token: SeShutdownPrivilege | 2848 | Proxy Manager.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
pid | Process
4524 | msedge.exe
4524 | msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 1268 | 2848 | Proxy Manager.exe | 92
PID 2848 wrote to memory of 3108 | 2848 | Proxy Manager.exe | 93
PID 2848 wrote to memory of 3108 | 2848 | Proxy Manager.exe | 93
PID 2848 wrote to memory of 3108 | 2848 | Proxy Manager.exe | 93
PID 2848 wrote to memory of 2924 | 2848 | Proxy Manager.exe | 94
PID 2848 wrote to memory of 2924 | 2848 | Proxy Manager.exe | 94
PID 2848 wrote to memory of 2924 | 2848 | Proxy Manager.exe | 94
PID 2848 wrote to memory of 4672 | 2848 | Proxy Manager.exe | 96
PID 2848 wrote to memory of 4672 | 2848 | Proxy Manager.exe | 96
PID 2848 wrote to memory of 4672 | 2848 | Proxy Manager.exe | 96
PID 2848 wrote to memory of 1104 | 2848 | Proxy Manager.exe | 98
PID 2848 wrote to memory of 1104 | 2848 | Proxy Manager.exe | 98
PID 2848 wrote to memory of 1104 | 2848 | Proxy Manager.exe | 98
PID 1104 wrote to memory of 1564 | 1104 | cmd.exe | 100
PID 1104 wrote to memory of 1564 | 1104 | cmd.exe | 100
PID 1564 wrote to memory of 4524 | 1564 | msedge.exe | 102
PID 1564 wrote to memory of 4524 | 1564 | msedge.exe | 102
PID 4524 wrote to memory of 1116 | 4524 | msedge.exe | 103
PID 4524 wrote to memory of 1116 | 4524 | msedge.exe | 103
PID 4524 wrote to memory of 1152 | 4524 | msedge.exe | 104
PID 4524 wrote to memory of 1152 | 4524 | msedge.exe | 104
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
PID 4524 wrote to memory of 4308 | 4524 | msedge.exe | 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\@luminati-io/luminati-proxy" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1896,i,14409683847728937106,3712288227110545247,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1888 /prefetch:22⤵
- System Location Discovery: System Language Discovery
PID:1268
-
-
C:\Windows\SysWOW64\tasklist.exetasklist /nh /fo csv2⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3108
-
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\@luminati-io/luminati-proxy" --field-trial-handle=2124,i,14409683847728937106,3712288227110545247,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:32⤵
- System Location Discovery: System Language Discovery
PID:2924
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\ps-list\fastlist.exeC:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\ps-list\fastlist.exe2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4672
-
-
C:\Windows\SysWOW64\cmd.execmd /s /c start "" /b "http://127.0.0.1:22999"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1104 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:22999/3⤵
- Suspicious use of WriteProcessMemory
PID:1564 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://127.0.0.1:22999/4⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4524 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ffbb454f208,0x7ffbb454f214,0x7ffbb454f2205⤵PID:1116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1752,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:35⤵PID:1152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:25⤵PID:4308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2536,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=2764 /prefetch:85⤵PID:1368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3348,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:15⤵PID:984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3588,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:15⤵PID:2700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4248,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:15⤵PID:1796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4284,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:25⤵PID:1916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3548,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:85⤵PID:1104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5332,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:85⤵PID:4364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5352,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:85⤵PID:828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:85⤵PID:3604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:85⤵PID:5256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:85⤵PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:85⤵PID:5476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:85⤵PID:5584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6040,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:85⤵PID:5792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6488,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:85⤵PID:5800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6520,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:85⤵PID:5864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:85⤵PID:5192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6808,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:85⤵PID:5204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6684,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:85⤵PID:5388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=560 /prefetch:85⤵PID:5696
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:85⤵PID:3964
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4920,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:85⤵PID:5716
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1056,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:85⤵PID:2624
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5696,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:85⤵PID:5552
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4936,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3704 /prefetch:85⤵PID:3520
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4984,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:85⤵PID:4364
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5484,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
PID:5460
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:85⤵PID:3748
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\@luminati-io/luminati-proxy" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3112,i,14409683847728937106,3712288227110545247,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3096 /prefetch:82⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5176
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:4456
Network
MITRE ATT&CK Enterprise v15
Downloads