lumma | hxxps://www[.]mediafire[.]com/folder/nwx2eunpfvo9o/Setup

Analysis

max time kernel
170s
max time network
173s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
31/12/2024, 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/nwx2eunpfvo9o/Setup

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1320 set thread context of 580	1320	Meta.exe	135

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Meta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Meta.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2499603254-3415597248-1508446358-1000\{49A75CA3-E298-43BE-91B8-A2B7DCC05933}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Meta.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
5232	msedge.exe
5232	msedge.exe
3496	msedge.exe
3496	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
4728	msedge.exe
4728	msedge.exe
2580	msedge.exe
2580	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4260	7zG.exe
Token: 35	4260	7zG.exe
Token: SeSecurityPrivilege	4260	7zG.exe
Token: SeSecurityPrivilege	4260	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5232 wrote to memory of 5348	5232	msedge.exe	77
PID 5232 wrote to memory of 5348	5232	msedge.exe	77
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 2536	5232	msedge.exe	78
PID 5232 wrote to memory of 1888	5232	msedge.exe	79
PID 5232 wrote to memory of 1888	5232	msedge.exe	79
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80
PID 5232 wrote to memory of 1676	5232	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/folder/nwx2eunpfvo9o/Setup
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9eb293cb8,0x7ff9eb293cc8,0x7ff9eb293cd8
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8644 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8008 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1181789750507554089,9788402293447228198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2068

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Meta\" -ad -an -ai#7zMap3060:66:7zEvent23911
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4260

C:\Users\Admin\AppData\Local\Temp\Temp1_Meta.zip\Meta.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Meta.zip\Meta.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1320
- C:\Users\Admin\AppData\Local\Temp\Temp1_Meta.zip\Meta.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Meta.zip\Meta.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
74KB

MD5
f052045a3f244ec7a8d07e42e01e6da9

SHA1
615982311f53a7a20946c0b4ddeb59f6c6835b1e

SHA256
6b94ee2630302aae04e49f505fa3240ae483132e0ca0d599d227a3e61d106b59

SHA512
73e844b38e3f7347c871c09d95ddb24b0f17b5a0228d00fff45ec57ec0960fae6c8518f851afc19a59ea5a81c35f08b642f5806322670ac1184992f94bea4140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
d14de71ccf72088268de7a2f0d6afe4d

SHA1
864e76e433e85e9b88d0eb554b9187101c23ac8f

SHA256
5428ca1a1fef37114042ea843cc4248e80a53a1332875abf944f3ece7a15c2da

SHA512
e7275eeda70153d77446ceaaf62adf9bad3e60c7759fcf0675819d7eddccedba484795c13a10870d3bcc4b756fe7b55b8922d76326110abbfbd1af03e879ac2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0bd7108ac09ea7bd1933f77ce48df228

SHA1
943d18b01f9859496e84be046faa852916a96c70

SHA256
b30a46c4aa84896cc22604ad7523ece32ff3e1bb2401864c0c38434c05b8f5b6

SHA512
9590731181102acf5e83067d947c45a7beb2f24432d89f782f4567a79d1f29753edf7bfb847c60b15510b813e43ebcdfa8e82e54320f03f29e03a70f3a2ad332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f38b7ba4c57da86594fa8c97bd3bdfe4

SHA1
ac16c3b01ecc12072abad8b433e9be21cad3b056

SHA256
abb3ada425d82406aa2b34d7eb6f4ff6c4a4a8889344e319253adfa943fc9c43

SHA512
4ce158b63bdf9d4cf11850eec1fad897e4dfa5dae3bc5547b1ec323a320eb5445e6686cb3245056512361c0e04811411a4f43987b6021863111e497d5a7d917a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3673c6c22f815f777646f4fdf69b2f6c

SHA1
2b5351428b1ee58fe86b3ac8001119a817b1b220

SHA256
e001c22645f3d40778c2e46c6d7b9097f20d069459fa47c1ba460699b5571a00

SHA512
e4b708d0b3ba0eab0df5fe02dbfcd23e309cdb023a624b3a5cf892151a812d5beeeef37f283c13cd4081e0d34462010cc3a2de84aacfd6882d7588cf92b30a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
b62bbf73380a02a87eaf219c21956f77

SHA1
8cfcd8fbf6c7823bd91ab496809e4261abcac5c1

SHA256
219a5a30c051b65c58f299706e6c760e44d6dbb60dd2841491edd1fb2b1cfacf

SHA512
94c11fc832cca0f3914257e76ff730063b4cc73b8f30ed9c5851cc23678baa6254f88d048a543216d7c676be4cc08fe6d87aa868ac76fa9c2829aac71905de76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
4a3ba9f0e9c293e52ad52260fd0dea90

SHA1
dfad869361699a44c2a5a858bd55783e3703d38d

SHA256
7fb6b79d8c606de2fde787f05dda2c8e31cf80e626ade44241996cbcb0a2db16

SHA512
731762c7c619e243be7966c5d3bd2a7d0f487b217843fdafbc80390e41bf723e386392c4aa173a39197252099e302bae1fe354e3f42b4f2cf88aa178413d99bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
392526e90ee8d5be448d7491ddfedd10

SHA1
65819e9c7cd78fe4488912487dfe5506685abcce

SHA256
6284b83ccfd7cdbc1171a8da76c4c28493799e89b86172e9eb2e31a7a4032467

SHA512
c6c36b3935391f893ba0f409b370c4e2e8f387d7429c1cb03f4728bb3e7119363f12e0a33c1ee4420f9ae626c25aa84c434415deecfef5537180ee615545a65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da5dc1b561c6a2fa5668d6faf981c855

SHA1
3fb390435f4cf22be7252d07b644e4c8eac6abf3

SHA256
ef744a02bfac837549ef0dfbddaa99c05e29578b11eb6710a7574ce6e8ef8ada

SHA512
d69f224c41c7ac80ab7b8240468142bf4022eb2cde93af7d71479756dde1a1082502695902f6c4d782bc58db21d3d6e1bc25fac8a51acaf50ea9942b86e627c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f43c3933743707c2dcbd24908ecd9304

SHA1
2faadfa7d8c2f3a5ce9f885248e50f6f0e6b9ee8

SHA256
48ca4188cab5f8258592d3dc493532633b3fb2afc5e6fdb00e47dfb763a1893d

SHA512
93bbe9067d8a5342b6984f6b8dc4dcbd053032c6566c4dfa45cb6c30510318f40c9761015e59344d2370396435760480d4ffaa6cb051c5f5942a33495014675b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
591d789c6db816a6b8e0ad4ee3dfa6a7

SHA1
56d7b38ed105f6de48c459c398d99a3ea1ede615

SHA256
6b7b73d522d71abe9d9d8e6200d83946c668d9167e647dbd1cef990126f38a59

SHA512
bc7aacf53553e36b5808bd9c074a26085c8434ddc983181d123c69ddaedba843f9464d314c778658f2c08504d64421b2b1e57dbca1af5ef33524401f98e5df90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2a08912edeb9d2241eb5334e5e292f8c

SHA1
f2bb0bcf89011df646409ce8e0107a6b29e8707d

SHA256
ea201564e0ea22ea2e866184e38da25597249015126e2a47d863d2c81c24024e

SHA512
01f984ea9ebc17cdc979bacf2c1f02c57a2256fff433944b89a9aea4364f9b7e3aaa426a3529b7c4ee370cdc7be369485b7e2b9fe43546e3abf4b145ef4f585e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
957f3e96866380fb0811c1fcce51d551

SHA1
cf45be5cfe4b7b018b66b85d3eb4b91b3a5ec6e8

SHA256
aa9ae3346cf3dba27508f4c9a0c61df5e10652ae33dcd8883823b0789243b784

SHA512
cf288ba95da1e68c54c1db07f2bae2a407105b3e3dc05b590adaaa44721372d0368b2fbedebf024673d6a7874b624dfa0a62499354a53624dfcd444ccb3717ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3c9ffede4bd8838c4b3dbecfb18eacf1

SHA1
c03e6b4b819d4efe773678d4789d81dda0ad9d48

SHA256
6ab1192d58934f3ca120f05d281964dca72cd7ba88fcef2c54c1ffa593ebce09

SHA512
778e43e7b3b440ebe3a3f9d082f10c018f23ec058e0ccc5cb7c8d60f9fdc73da85da93047f248761c627477b960531a210d8d82491363954138830c276158869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2db7fb1c96c152ebdd2b87922f34b973

SHA1
7034197c88206b52d2467287805522fd4f2613c7

SHA256
9f380bd2758f8c4c590959ae3cbb001579c2eefdfb454a7200587a33f7ce93d2

SHA512
7e5b13e75c74a5c513072ed97cd50128dd98c3694e19da40b40f704f09986deedf016297dce19763cdbf8bc94425c7e3d727c761cf272010ac92bbdc8b23741a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f39683da1a7f4f20185e7d081e36e822

SHA1
93203fff01bda3ca08ea4b1580c455eaacccc4c4

SHA256
c6a3296b957701f77f5db75c63571ed56efbb06f63db630d37942d18a0ea9770

SHA512
d76d133220725f35393713166c4cdc4b6a576996f6223241e57c341d1d6fb8fc2f778955e5eacbda0e5b598ed1f021c6bdc08141facdc36591007935c34fa78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da14.TMP

Filesize
1KB

MD5
72d8f0c7b33b3701b711730866e80c3b

SHA1
993e930564f5fd9cfe99c2487c9a5c8b53690754

SHA256
163de4c6778a39e2fa68ada20eda20445cf90f75c9dcd704d17461fc6ccd34bb

SHA512
7372961c9e786e53dd500d4619ad5d92fa2f363d42e3964513a3172edca250dc571f6f460946cd35a4f1cdc39d6ac86d88cf6fbe9b6c45423bf0bfdc7d99c5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e14e9c73176ced1e362d1c1297edae29

SHA1
05f94a34139cd7c0d05051a67117d3cde68e654b

SHA256
27b27b65e5fbd0be7543a3d47a08043fcbd9088cf3f307ddcdb5379709b9e094

SHA512
48382a09b1d6044b99d8fb37b46e28289e6df90d36ca6f56af236f10b9dd01c81f23f0b3d2df1eb218def01587a05c1b3e8cec76e2aa9ecce3954b107450f5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc548bc631184f00643ca2195561a2e2

SHA1
17bb96ff876e876b85d80b5ed22cf9a88fe97b4a

SHA256
62ec425f4448b45a9dec7ddea71535e07e555974407f6fe88aa5efde5f17a2ee

SHA512
d6bdd755316874e5a77a31dcfc7ee6813bc92d00e88d5952bd1ae4f783381f6ed702342a96320bda62bbe89fe87ee5f7d217d9a986660a079f1c3c28ee7e375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1bdf87613ae4ee932cd582077128d65b

SHA1
b4045ca3038458c6b3a1c48558b0f48e5e8f1406

SHA256
321b806f8baba2250987889fe6c59d2d4c7c2ab466becbd20d4aa6ca1e86cc28

SHA512
1134a86f39fc0b1e3ab35f5c6c714ad034121e7c7cf29ff67c1a61c30e86d556f526a76d0977f7ea906ac254d8097ab3eda5b3d882d64e17ed2b6fcc42586d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ceebb50b-919f-4ea0-b2ee-fa6d7ab3550b.tmp

Filesize
11KB

MD5
8a2d3dc5e17b8dacae60fef6a0f1a524

SHA1
d793cebb5cce34ead8b63a2aeff87901bea295e5

SHA256
29bf8ceedad4954be54c7870676c8c9f3a0cd135afa8218a079d760b73c72286

SHA512
3c0dfc70ec6d5333bc62eba940992a2f80cb09d36da40a62829a7347bc115027359e46c1af5f5c41c6de98d67a146558668b0eb39ff9d01b632026e37231ba35

Download Submit
C:\Users\Admin\Downloads\Meta.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/580-1021-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/580-1022-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download